Apple Wallet API and .pkpass files: how to choose a pass vendor
What people mean by “Apple Wallet API”, what a .pkpass file is, and how to compare vendors for signing, updates, reliability, and pricing.
If you’re searching for an “Apple Wallet API,” you’re usually trying to generate passes from your backend, ship quickly, and avoid getting stuck on certificates, signing, and edge cases at the worst possible time.
This guide covers three things:
- what an “Apple Wallet API” typically means in practice
- what a
.pkpassfile is and what “pkpass format” refers to - how to compare pass vendors in a way that holds up in production
What people mean by “Apple Wallet API”
Apple does not provide a single server-side “Wallet API” that you call to create passes.
What teams call an “Apple Wallet API” is usually a workflow that produces a signed .pkpass file and delivers it to a user, with a path to update that pass later on. Some vendors expose that workflow as an API, some wrap it in a dashboard, and some teams build it in-house.
What is a .pkpass file (and what is the pkpass format)?
A .pkpass file is a ZIP bundle with a specific structure that Apple Wallet understands. The “pkpass format” is that bundle structure plus the signing rules that make Wallet trust the pass.
At a minimum, a .pkpass bundle includes:
- (optionally) localized resources in folders like
en.lproj/ pass.jsonwith the pass payload (fields, identifiers, barcode, relevance settings)- images (like
icon.png,logo.png, plus@2xvariants) manifest.jsonwith hashes of the files in the bundlesignature, which is a detached PKCS#7 signature of the manifest created with your Pass Type ID certificate
If you get the signing step wrong, the pass will usually look fine as a file but fail to import into Wallet, which is why vendor choice and certificate ownership matter so much.
You’ll also sometimes see .pkpasses, which is just a ZIP of multiple .pkpass files for convenient distribution.
Quick .pkpass anatomy
If you unzip a typical file, you will see something like:
my-pass.pkpass
pass.json
manifest.json
signature
icon.png
[email protected]
logo.png
[email protected]
en.lproj/
pass.stringsHow to open a .pkpass file (for testing)
This matters because it changes how you debug pass creation:
- On macOS, double-click the
.pkpassfile to preview it. - On iPhone, open the file from Safari, Mail, Messages, or an app download link, then tap Add to Apple Wallet.
How Apple Wallet passes are created, distributed, and updated
From a product point of view, a pass flow has three stages:
- Generate a valid
.pkpassbundle for a specific user or event. - Distribute it, typically via a web link, email, or in-app “Add to Wallet”.
- Update it when reality changes, using push notifications or refresh behavior.
Most “Wallet pass vendors” cover stage one and distribution well, and then differ sharply on updates, portability, and operational tooling.
How pass updates work under the hood (the part vendors hide)
If you care about updates, you are not just buying pass generation; you are buying an implementation of Apple’s update mechanism.
At a high level, a pass update requires:
- a stable identity for a pass (Pass Type ID + serial number)
- a web service that devices can call to fetch the latest pass
- a push token and a push notification to trigger the device to refresh
Push delivery is “best effort,” so you still want a system that is safe when notifications are delayed or dropped.
The main approaches (build vs buy)
Here’s the practical comparison to keep in mind when you decide how to ship.
| Approach | Best when | What you own |
|---|---|---|
| Build it yourself | Passes are core to your product and you need full control. | Certificates, signing pipeline, hosting, monitoring, abuse controls, and on-call. |
| Developer-first API vendor | You want to integrate from code and ship quickly. | Your app logic, data model, and customer experience, while the vendor handles packaging and signing. |
| No-code / marketing-led platform | A non-engineering team needs to launch and iterate without code. | Templates and distribution inside the platform, with constraints you should validate early. |
The vendor comparison checklist that matters in production
Certificate ownership and portability
Ask these questions up front:
- Who controls the Pass Type ID and signing certificates?
- Can you rotate certificates without downtime?
- If you switch vendors, can you keep the same Pass Type ID and continue updating existing passes?
If certificate ownership is ambiguous, treat it as a real risk, because migrations get painful when the vendor becomes the identity for your passes.
Updates and push notifications
Creating a pass is often straightforward, while keeping it current is where most teams feel the complexity.
Ask:
- Can installed passes be updated reliably, and how do you confirm an update succeeded?
- Do they support push-driven updates, or do they rely on expiring links and re-add flows?
- Is the update API explicit about serial numbers and versions, or is it “best effort”?
Debuggability and logs
Pass errors are usually specific, which means your tooling needs to be specific too.
Ask:
- Do you get request logs and structured errors that you can paste into a ticket?
- Can you replay a failed request with the same input to confirm the fix?
- Can you see signing errors separately from template validation errors?
Rate limits, quotas, and abuse controls
Ask:
- What counts as a “pass” for billing: created, downloaded, updated, or active?
- Do updates have separate quotas?
- Can you enforce per-customer limits so one tenant cannot burn your entire monthly quota?
Template flexibility and branding control
Ask:
- Can you keep a consistent design while still supporting per-customer branding?
- How do images work at scale, and what happens when an image URL times out?
- Do you have a safe path for user-supplied logos that does not become an SSRF problem?
Compliance and data handling
Ask:
- What personal data is stored by the vendor, and for how long?
- Can you delete user data on request?
- If you operate in regulated industries, do they offer the controls you need?
Common ways Wallet passes fail
If you are evaluating vendors, it helps to look at what breaks in real integrations because these are the places where good tooling is worth paying for:
- signing certificates that expire or are rotated incorrectly
- missing intermediate certificate in the signature
pass.jsonidentifiers that do not match the certificate- malformed JSON, or small schema mistakes that are hard to spot in reviews
- image issues, such as incorrect dimensions or non-PNG assets where PNG is expected
- barcode issues that only show up on the hardware scanner you use in production
Keyword-driven FAQs (so this page answers the queries people actually type)
Is there an Apple Wallet API?
There are APIs in PassKit for apps on-device, and there are specifications and server requirements for issuing and updating passes, but teams usually mean an API that generates a signed .pkpass file and handles updates safely.
What is the pkpass file format?
It is a ZIP bundle with pass.json, images, manifest.json, and a PKCS#7 signature that signs the manifest.
How do I open a pkpass file?
For quick testing, open the file on macOS to preview it, or open it on an iPhone and use the Add to Apple Wallet flow.
Want a second opinion?
Tell me what you’re building and what constraints you have, and I’ll recommend a sensible path.