Apple Wallet Integration for Access Passes and Badges in Mobile Apps
An employee or conference participant pass is a generic-type .pkpass. Generic is the most flexible type: there are no strict semantic constraints on fields, structure is determined by the task. For corporate badges, often include employee photos via thumbnail.png (90×90 @1x, 180×180 @2x) — displayed in the top-right corner of the card.
pass.json for Access Pass
{
"formatVersion": 1,
"passTypeIdentifier": "pass.com.yourcompany.badge",
"serialNumber": "BADGE-EMP-1042",
"teamIdentifier": "ABCDE12345",
"organizationName": "YourCompany",
"description": "Employee Access Pass",
"foregroundColor": "rgb(255,255,255)",
"backgroundColor": "rgb(0,80,160)",
"generic": {
"primaryFields": [
{ "key": "name", "value": "Ivan Petrov", "label": "Employee" }
],
"secondaryFields": [
{ "key": "department", "value": "Engineering", "label": "Department" },
{ "key": "access", "value": "A, B, C", "label": "Access Zones" }
],
"auxiliaryFields": [
{ "key": "role", "value": "Senior Developer", "label": "Position" }
],
"backFields": [
{ "key": "emergency", "label": "Emergency Contact", "value": "+7 (495) 123-45-67" },
{ "key": "valid", "label": "Valid Until", "value": "31.12.2024" }
],
"barcode": {
"message": "BADGE-EMP-1042",
"format": "PKBarcodeFormatQR",
"messageEncoding": "iso-8859-1"
}
}
}
thumbnail.png is added as a file in the archive — PassKit picks it up automatically by name.
NFC for Access Control
Generic passes support NFC via the nfc field in pass.json — only for iOS 13+ devices:
"nfc": {
"message": "BADGE-EMP-1042-NFC-TOKEN",
"encryptionPublicKey": "base64-encoded-ec-public-key"
}
An NFC reader at a turnstile reads the encrypted message. However, there's a limitation: NFC in Wallet for a third-party reader only works through Apple's Value Added Services Program — requires a partnership agreement with Apple. Without the program, the NFC function won't activate.
Alternative without partnership — QR scanner. Works reliably, requires only a camera at the entrance.
Pass Lifecycle Management
An employee pass has a clear cycle: issuance → active use → revocation (termination, role change). Revocation is implemented two ways:
Via expirationDate — the pass automatically becomes invalid. Suitable for temporary passes (conference, contractor).
Via voided: true with push-update — for immediate revocation. Server receives an event (HR system, termination) → sends APN push → device downloads updated pass with voided: true → Wallet displays pass as invalid.
When downloading an updated pass, the server must return HTTP 200 with the new .pkpass. If HTTP 304 is returned, the device won't update anything.
Temporary Passes for Events
A conference participant badge uses the same logic, but relevantDate is set to the first day of the event, expirationDate to the last day. You can add a day schedule via backFields:
"backFields": [
{ "key": "schedule", "label": "Program", "value": "09:00 Registration\n10:00 Keynote\n14:00 Workshops" }
]
HR System Integration
The pass should be automatically created upon hiring and revoked upon termination. Webhook from HR system (1C, Bamboo HR, SAP) → server generates .pkpass and emails it to the employee.
For email integration: link like https://api.yourcompany.com/badges/{token}.pkpass — iOS opens it via Safari and offers "Add to Wallet". MIME type should be application/vnd.apple.pkpass.
For role changes — don't revoke the pass, update it instead: PATCH request to the web service URL updates department and role fields. Wallet picks up changes automatically.
Timeline
1–3 days: pass generation with thumbnail, setting up push-updates on revocation, optionally NFC through Value Added Services. Pricing is calculated individually.