Push updates for Wallet Pass in mobile app

TRUETECH is engaged in the development, support and maintenance of iOS, Android, PWA mobile applications. We have extensive experience and expertise in publishing mobile applications in popular markets like Google Play, App Store, Amazon, AppGallery and others.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and support of all types of mobile applications:
Information and entertainment mobile applications
News apps, games, reference guides, online catalogs, weather apps, fitness and health apps, travel apps, educational apps, social networks and messengers, quizzes, blogs and podcasts, forums, aggregators
E-commerce mobile applications
Online stores, B2B apps, marketplaces, online exchanges, cashback services, exchanges, dropshipping platforms, loyalty programs, food and goods delivery, payment systems.
Business process management mobile applications
CRM systems, ERP systems, project management, sales team tools, financial management, production management, logistics and delivery management, HR management, data monitoring systems
Electronic services mobile applications
Classified ads platforms, online schools, online cinemas, electronic service platforms, cashback platforms, video hosting, thematic portals, online booking and scheduling platforms, online trading platforms

These are just some of the types of mobile applications we work with, and each of them may have its own specific features and functionality, tailored to the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 1735 services
Push updates for Wallet Pass in mobile app
Medium
from 1 business day to 3 business days
FAQ
Our competencies:
Development stages
Latest works
  • image_mobile-applications_feedme_467_0.webp
    Development of a mobile application for FEEDME
    756
  • image_mobile-applications_xoomer_471_0.webp
    Development of a mobile application for XOOMER
    624
  • image_mobile-applications_rhl_428_0.webp
    Development of a mobile application for RHL
    1054
  • image_mobile-applications_zippy_411_0.webp
    Development of a mobile application for ZIPPY
    947
  • image_mobile-applications_affhome_429_0.webp
    Development of a mobile application for Affhome
    862
  • image_mobile-applications_flavors_409_0.webp
    Development of a mobile application for the FLAVORS company
    445
Show more works

Implementing Push Updates for Wallet Pass in Mobile Application

Apple Wallet Pass isn't a static card. Loyalty program, flight ticket, coupon — data changes in real time, user should see current info without reinstalling app. Exactly why Apple implemented server push-update mechanism for PassKit.

How Update Mechanism Works

Architecturally: your server registers device via PassKit Web Service API, stores deviceLibraryIdentifier + pushToken pair, and on data change sends push via APNs. iOS "wakes up", makes GET request to server for updated .pkpass file, card updates without user involvement.

Implementation splits into server and client parts — client nearly zero: PassKit itself handles registration cycle if server implements protocol correctly.

PassKit Web Service Server Protocol

Server must provide four endpoints:

  • POST /v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}/{serialNumber} — device registration
  • DELETE /v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}/{serialNumber} — deregistration
  • GET /v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}?passesUpdatedSince={tag} — list of updated passes
  • GET /v1/passes/{passTypeIdentifier}/{serialNumber} — download current .pkpass

Most common error — wrong HTTP status. Apple PassKit very sensitive: 200 with empty body on DELETE → iOS breaks deregistration. Need 204 No Content. GET with no changes — strictly 204, not 200 [].

// Example response structure for GET /registrations
{
  "serialNumbers": ["ABC123", "DEF456"],
  "lastUpdated": "1711234567"
}

lastUpdated field — UNIX timestamp as string. iOS passes it back in passesUpdatedSince on next request. Wrong timestamp format — device constantly requests all passes, ignoring incremental logic.

APNs Push for Update

Wallet push non-standard. Minimal payload:

{
  "aps": {}
}

Exactly like this — empty aps. No alert, badge, sound. iOS on receiving such push silently goes to server for updates. Send via APNs with apns-topic equal to passTypeIdentifier (format: pass.com.yourcompany.appname), not bundleIdentifier.

PassKit certificate separate — Pass Type ID Certificate from Apple Developer Portal, not usual APN cert. Confused regularly, result: APNs accepts request but push doesn't deliver.

# Example sending via httpx (Python, APNs HTTP/2)
headers = {
    "apns-topic": "pass.com.example.loyalty",
    "apns-push-type": "background",
    "apns-priority": "5",
    "authorization": f"bearer {jwt_token}"
}
payload = json.dumps({"aps": {}})
response = await client.post(
    f"https://api.push.apple.com/3/device/{push_token}",
    content=payload,
    headers=headers
)

apns-priority: 5 — mandatory for background push. Priority 10 for Wallet doesn't work as expected.

.pkpass Signing

Each .pkpass — ZIP archive with manifest.json (SHA-1 hashes of all files) and signature (PKCS#7 detached signature). On update must recalculate manifest and recreate signature. Using old signature with new data → iOS silently ignores file.

Signature generation via openssl:

openssl smime -binary -sign \
  -certfile AppleWWDRCA.pem \
  -signer passcertificate.pem \
  -inkey passkey.pem \
  -in manifest.json \
  -out signature \
  -outform DER

Apple's signpass tool convenient for testing, but production better to implement signing natively on server — without external binaries.

Testing Update Cycle

PassKit Companion App (macOS) simulates registration and checks endpoints directly. Server debug — enable WKWebsiteDataStore logging on iOS simulator won't work, but Charles Proxy on real device intercepts PassKit requests completely.

Typical debug cycle: add pass via app → check POST registration in Charles → push manually via curl → confirm iOS fetches updated pass → check card UI.

Process

Audit current server infrastructure or implement from scratch: Pass Type ID, server endpoints, pushToken storage.

Set up APNs with Pass Type ID Certificate, implement push send on data change.

Generate and sign .pkpass on server, set up incremental updates.

Test full cycle: registration → data change → push → card update.

Timeline Estimates

Existing infrastructure with just PassKit Web Service addition — 3–5 days. Full implementation including pass file generation and server backend — 1–2 weeks depending on update logic complexity.