Hi, You're here because you've had issues with your implementation of In-App Provisioning Extensions for Apple Pay In-App Provisioning or In-App Verification. To prevent sending sensitive credentials in plain text, create a new report in Feedback Assistant to share the details requested below with the appropriate log profiles installed. Gathering Required Information for Troubleshooting Apple Pay In-App Provisioning or In-App Verification Issues While troubleshooting Apple Pay In-App Provisioning or In-App Verification, it is essential that the issuer is able to collect logs on their device and check those logs for error message. This is also essential when reporting issues to Apple. To gather the required data for your own debugging as well as reporting issues, please perform the following steps on the test device: Install the Apple Pay and Wallet profiles on your iOS or watchOS device. If the issue occurs on Mac, continue to Step 2. Reproduce the issue and make a note of the timestamp when the issue occurred, while optionally capturing screenshots or video. Gather a sysdiagnose on the same iOS or watchOS device, or on macOS. Create a Feedback Assistant report with the following information: The bundle IDs App bundle ID Non-UI app extension bundle ID (if applicable) UI app extension bundle ID (if applicable) The serial number of the device. For iOS and watchOS: Open Settings > General > About > Serial Number (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > Serial Number. The SEID (Secure Element Identifier) of the device, represented as a HEX encoded string. For iOS and watchOS: Open Settings > General > About > SEID (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > System Report > NVMExpress > Serial Number. The sysdiagnose gathered after reproducing the issue. The timestamp (including timezone) of when the issue was reproduced. The type of provisioning failure (e.g., error at Terms & Conditions, error when adding a card, etc.) The issuer/network/country of the provisioned card (e.g., Mastercard – US) Last 4 digits of the FPAN Last 4 digits of the DPAN (if available) Was this test initiated from the Issuer App? (e.g., yes or no) The type of environment (e.g., sandbox or production) Screenshots or videos of errors and unexpected behaviors (optional). Important: From the logs gathered above, you should be able to determine the cause of the failure from PassbookUIService, PassKit or PassKitCore, and by filtering for your SEID or bundle ID of your app or app extensions in the Console app. Submitting your feedback Before you submit to Feedback Assistant, please confirm the requested information above is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Apple Pay client. After your submission to Feedback Assistant is complete, please respond in your existing Developer Forums post with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your client, a configuration issue within your developer account, or an underlying system bug. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

Hi, To ensure the issue is not caused by an error within your app or web service request, please review the following documentation: Wallet Passes Wallet Developer Guide If the resources above don’t help identify the cause of the error, please provide more information about your app or web services to get started. To prevent sending sensitive credentials in plain text, create a report in Feedback Assistant to share the details requested below. Additionally, if the error is something we need to investigate further, the appropriate engineering teams also have access to the same information and can communicate with you directly within Feedback Assistant for more information, as needed. Please follow the instructions below to submit your report. For issues occurring with your native app or web service, perform the following steps: Install the Wallet profile on your iOS or watchOS device. Reproduce the issue and make a note of the timestamp when the issue occurred, while optionally capturing screenshots or video. Gather a sysdiagnose on the same iOS or watchOS device. Create a Feedback Assistant report with the following information: The serial number of the device. Open Settings > General > About > Serial Number (tap and hold to copy). The SEID (Secure Element Identifier) of the device, represented as a HEX encoded string. Open Settings > General > About > SEID (tap and hold to copy). The sysdiagnose gathered after reproducing the issue. The .pkpass file(s), pass signing certificate(s) and pass type identiifier(s) (optional). The timestamp of when the issue was reproduced. Screenshots or videos of errors and unexpected behaviors (optional). Important: From the logs gathered above, you should be able to determine the cause of the failure from PassbookUIService, PassKit or PassKitCore, and by filtering for your SEID or pass type identifier in the Safari Web Inspector. See Inspecting Safari on macOS to learn more. Submitting your feedback Before you submit to Feedback Assistant, please confirm the requested information above is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Wallet pass implementation. After your submission to Feedback Assistant is complete, please respond in your existing Developer Forums post with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your web implementation, a configuration issue within your developer account, or an underlying system bug. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

We had noticed “paymentCredentialsAvailable” is getting returned more from apple pay capabilities for some unexpected devices (our example is windows + chrome). Based off the documentation this should only be returning if this is linked to a wallet account w/ valid payment. From some investigation this appears to have changed from apple pay js v1.3.7 to v1.3.8 (latest). Previously the above windows + chrome example would return “paymentCredentialStatusUnknown” which is what would be expected in this case. Tried running chrome in icognito mode and clearing cookies just in case this check had some linkage to the apple account via QR code usage, but did not appear to affect the returned response. Unsure if this is a bug or a change to the logic, but doesn’t appear to be appropriately reflected in the documentation, also a change like this should not be appearing in a patch version. Has anyone else experienced this?

Hello, I have recently started exploring the Apple Wallet extension and have a couple of questions I was hoping you could help clarify: Is there any form of communication between the UI extension and the non-UI extension? From my understanding, the UI extension handles the authorization and simply indicates whether the app approves it or not, without passing additional data. However, the non-UI extension is expected to make calls to the issuer app’s backend, which typically require a token obtained through prior authentication services and may even involve an OTP. Is there a recommended way to share this information between extensions within the Apple Wallet Extension framework, or is using App Groups the only option? Additionally, during the provisioning process, is there any possibility of re-invoking the UI extension if further validation is required? Furthermore, according to the documentation, testing is carried out via TestFlight and in production. Is there any way to test these extensions on a physical device directly from Xcode for debugging purposes, or is TestFlight the only available method? Thank you very much in advance for your time and assistance.

We are developing a native iOS financial application called Tradu: Stocks, Forex, and CFDs (Apple ID: 6473443264), which embeds a WKWebView to render all user-facing logic. All user interactions—including authentication with MFA—occur inside this WKWebView. To access native functionality, we use postMessage() to communicate between the web and native layers. This approach has worked successfully for biometric authentication, for example. We are currently integrating Apple Pay In-App Provisioning and have a few questions regarding compliance with the documentation provided by our Issuer Host (Modulr). In the document titled Getting Started with Apple Pay: In-App Provisioning, Verification, Security, and Wallet Extensions (Version 4.0, February 2023), all examples are based on a fully native application. We’ve managed to integrate most of the In-App Provisioning flow via postMessage() up to the point of passing encryptedData to the Payment View. Apple Pay button inside WKWebView In Section 7: Frontend Overview, the user initiates the provisioning by tapping a native PKPaymentButton (SwiftUI example). In our case, this button is rendered inside the WKWebView, styled according to the Apple Style Guide. While the document references this approach as a “raw mark text supplement,” is this method acceptable and compliant with Apple’s UX and technical guidelines? MFA requirement before provisioning In Section 4: Security Guidelines, it is stated that the user must have passed MFA at least once before starting the provisioning flow. In our implementation, users must complete MFA on every login (including on recognized devices) before the provisioning UI becomes available. Even though this is not tied specifically to “unrecognized devices,” is our MFA requirement sufficient to satisfy Section 4.2? Summary: Is using a web-rendered Apple Pay button inside WKWebView (instead of a native PKPaymentButton) considered compliant? Is our MFA enforcement model (required on every login) aligned with the security requirements outlined in Section 4.2 of the Apple Pay In-App Provisioning documentation?

Hello, We are currently developing an application that uses the Host-based Card Emulation (HCE) entitlement to enable corporate access functionality. With this entitlement, we have successfully established HCE communication and can interact with our access control systems to unlock doors. Our question is related to improving the user experience: We would like this access functionality to work without requiring the app to be in the foreground, as this adds friction for users during entry. Specifically, we would like to know: Is it possible for our app to coexist with Apple Wallet as the default contactless app, so that: Our app handles NFC interactions for corporate access (e.g., opening doors). Apple Wallet remains the default for payments. If that coexistence is not possible, and our app is set as the default contactless app, Will the system still need to launch our app into the foreground to complete a transaction (e.g., to emulate the NFC card)? Or is there a way to trigger HCE responses in the background (e.g., using a background process or service extension)? Any guidance on how to configure the app for optimal background access behavior, while maintaining compatibility with Wallet, would be greatly appreciated. Thank you in advance.

Hi, I set up a Sandbox Tester account in my company’s Apple Developer Program and signed in on my iPhone under Settings → App Store → Sandbox Account. When I go to Wallet → Add, I only see options for Credit or Debit Card or Travel Card. The option to add an Apple Pay Sandbox Card is missing, and when I try entering the test card numbers from Apple’s documentation (developer.apple.com/apple-pay/sandbox-testing), the card is not valid. Has anyone experienced this and found a solution? Thanks! PS: I can't post this to Wallet Category, I keep getting error that it contains sensitive text.

We are working with a large fintech org on project connected with provisioning payment cards to Apple Wallet. When we add a previously provisioned card to the Wallet (using the Wallet UI, Add card -> Previous card). It adds the card on one device showing the Express Travel card screen after the card is added allowing the user to set the card as an express travel card during the provisioning flow but never on our other devices. All of the test devices are clean and have only the same single card provisioned. What triggers the Express Travel Card screen to be shown during the add previous card flow? (Why is it showing on one device and not another).

We are working with two types of wallet passes. Provisioning works successfully for one pass type via wallet extensions, but the same process is not functioning for the other. For the second pass type, we are able to generate the required data for pull provisioning and send it to Apple. Additionally, in-app push provisioning for this pass type completes without issue. We would appreciate guidance on how to further debug and resolve this provisioning problem.

We have updated the PNO metadata to include the associatedApplicationIdentifiers for our wallet extensions and the issuer app. While we are able to successfully provision the card to Apple Wallet via pull provisioning, we are unable to retrieve the payment passes that have already been provisioned. How can we address this issue? let passLibrary = PKPassLibrary() let paymentPassLibrary = self.passLibrary.passes(of: .secureElement) paymentPassLibrary is an empty array even though we have passes provisioned.

Hello, We are implementing Apple Wallet extensions (PKIssuerProvisioningExtensionHandler). While our UI extension works as expected, our Non-UI extension is unable to detect payment passes provisioned by our app. Specifically, PKPassLibrary().passes(of: .secureElement) returns an empty array when called from the Non-UI extension, even though the same call correctly returns the passes when executed from the Main iOS App. Our Payment Network Operator has confirmed that our extension bundle identifiers are correctly registered in the metadata on their side. They suggested that the Wallet Extensions entitlement (com.apple.developer.payment-pass-provisioning) may require additional backend enablement for these specific Extension App IDs. Is there a known reason why PKPassLibrary would behave differently in the Non-UI extension vs the Main App? Beyond the standard entitlement request, is there a specific process to "activate" these IDs for extension visibility? Does anyone have guidance on reaching the appropriate team for backend entitlement activation issues? Any insights would be greatly appreciated.

We are observing unexpected behavior in Apple Wallet for transactions processed via an online delivery platform. Here is the specific flow: Initial Authorization: The original order was placed for $22.30. Order Amendment: The user added an item 10 minutes later for $6.20, bringing the total to $28.50. The Issue: Apple Wallet only displays the $6.20 transaction. The initial $22.30 amount is not visible in the transaction list. Technical Verification: We confirmed that both backend authorization messages for the original amount and the add-on were approved. We verified that the final settlement amounts correctly reflect the sum of both charges ($28.50). We have confirmed the transaction lifecycle completed successfully on our end. Despite this, the customer only sees the $6.20 entry in their Wallet history, which creates confusion as it doesn't reflect the total spent. Has anyone encountered this sync issue between settlement totals and Wallet display, or is there a specific way we should be linking these related authorizations? Thanks!

We're working on in-app provisioning for wallet access passes. When testing the in-app provisioning on a sandbox account, I get an error saying software update required. Please advise.

During the in‑app provisioning flow, we successfully obtain the provisioning certificates and generate object for posting. However, in the production environment the flow fails when posted to a broker. broker/v4/devices/{SEID}/cards The staging environment works correctly and provisioning completes without issues. Object {encryptedCardData, activationData, ephemeralPublicKey} is build. The T&C screen never appears. FB22332303

Feedback ID: FB22759977 After clicking add to apple wallet in our app, I launch the PKAddPaymentPassViewController and click next. It loads for a few seconds and then I get: [] ProvisioningOperationComposer: Step '' failed with error Error Domain=PKProvisioningErrorDomain Code=5 UserInfo={PKErrorHTTPResponseStatusCodeKey=500}

Hi guys, we are trying to implement In-App Provisioning for our banking application. After some iterations of determining responsibilities for providing data, we managed to gather all info required, but the process is failing. When user tries to provision a card, the Provisioning UI flow stops after selecting a device to provision the card on. It presents an alert: "Could Not Add Card", and offers just "Set Up Later". Further investigation (Console.app) shows that PassbookUIService has an error saying: [qv4t2XcQQ1G+AWP9HINjFQ] ProvisioningOperationComposer: Step 'eligibility' failed with error <PKProvisioningError: severity: 'terminal'; internalDebugDescriptions: '( "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; > Also, when filtering Console output by my SEID, I can see that the request is failing with HTTP 500 code: default 15:09:22.599860+0200 PassbookUIService Response: https://pr-pod10-smp-device.apple.com:443/broker/v4/devices/???/cards 500 Time profile: 0.274013 seconds { Server = "Apple" Content-Type = "text/html" X-Content-Type-Options = "nosniff" Strict-Transport-Security = "max-age=31536000; includeSubdomains" Date = "Wed, 03 Jun 2026 13:09:22 GMT" X-Frame-Options = "SAMEORIGIN" X-XSS-Protection = "1; mode=block" Cross-Origin-Opener-Policy = "same-origin" Content-Length = "170" Connection = "close" } <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> I've submitted a Feedback assistant with the guidelines found here. Feedback ID: FB22924636 (In-App Provisioning failing) Would appreciate if anyone has some pointers as to what to focus on to resolve this issue. Thank you!

Hello, We are implementing in-app provisioning in our banking app but are having trouble getting to the Terms & Conditions screen. User taps on “Add to Apple Wallet” > PKAddPaymentPassViewController > Next > the flow fails quickly with "Could Not Add Card -> Set Up Later" alert. The only notable thing in the logs, as far as I can see is the https://nc-pod12-smp-device.apple.com:443/broker/v4/devices/{SEID}/cards fails with: <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> and maybe ProvisioningOperationComposer: Step 'eligibility' failed with error <PKProvisioningError: severity: 'terminal'; internalDebugDescriptions: '( "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; > Feedback Assistant ID: FB22932141 (Error during In-App Provisioning)

This post contains sensitive language. Please revise it in order to continue.Hello, We are working on digital key style application using custom communication with HCE (Host Card Emulation). We have a working solution but there is one issue - if our application is not selected as default NFC application our users may see Wallet popup when there's no active presentment intent in our application. I didn't find in documentation any information how to stop Wallet from activating. I found there's requestAutomaticPassPresentationSuppression method in PassKit, it requires special permission, however I am not sure if it can be used in this situation, as there's no information how it will impact HCE communication in our application. I'll be greatful for any advice. Regards, Valdemar

We are observing multiple different deviceId values linked to the same user within short timeframes. In some instances, a new deviceId appears every few minutes or hours. We utilize this identifier for managing Apple Wallet pass updates. We would appreciate understanding which scenarios might cause the deviceId to change. Could it be influenced by: Device restoration or factory reset procedures App reinstallation or data clearing iOS version updates iCloud account changes or Apple ID authentication status changes Privacy feature activation (such as App Tracking Transparency or Private Relay) Testing environment usage (simulators or automated testing frameworks) We aim to determine whether this behavior is expected or if it suggests atypical usage patterns. Thank you for your assistance!

Hello, We are trying to provision in apple wallet, I am getting an error "Card can not be added". Please check below and let me know if I am missing anything. SEID: 04401D7BCE578001930001236930311377D86C15D956BBA1 TimeStamp: 2025-08-18 11:53:04.570431-0500. CST Last 4 FPAN: 2345 Thanks

We have Wallet and Watch application on iPhone. Both of them can add card and then waiting for activation. However, When the same card is added to Wallet and Watch respectively, waiting for the app-to-app mode to be activated. Client doesn't aware the source application. Because deeplink is exactly the same. Any adivse how does the client have to choose which card to activate?

Hello, We’re developing a loyalty program using Apple Wallet passes, and everything works except the silent push update flow. Context PassTypeIdentifier: pass.order.com.lealtad.xxxx Device is physical (not simulator) Pass is installed and visible in Wallet Correct pushToken is stored in our backend Push response from APNs: StatusCode: 200 OK apns-id: DBFF9693-D053-AA20-D737-3B24414105F3 WebServiceURL is reachable: https://xxxxx.net GET /passes/{passTypeIdentifier}/{serialNumber} endpoint is implemented and logs all calls No call is received from Apple to GET /passes/... after the push .pkpass is signed and installs correctly push payload json Copiar Editar { "aps": { "content-available": 1 }, "serialNumbers": ["9a4c9376d4"], "updated": true } pass.json json Copiar Editar { "formatVersion": 1, "passTypeIdentifier": "pass.order.com.lealtad.xxxxx", "teamIdentifier": "xxxxxxxx", "serialNumber": "9a4c9376d4xxxxxx", "webServiceURL": "https://xxxxxx.net", "authenticationToken": "xxxxxxxxxxxxxxxxx", ... } We have verified: Pass is installed and contains the correct authentication token. Pass registration via POST /devices/... happens and is logged. Push notifications are sent successfully and received (APNs 200 OK). Our endpoint GET /passes/... responds properly with Authorization: Bearer {{token}}. Certificate used to send the push is the same type as the one used to sign the .pkpass. What could cause Apple Wallet to ignore the push? We would appreciate guidance on what might be preventing Wallet from calling the webServiceURL after a valid push. Is there a way to trace why Apple is not triggering the request? Thanks in advance for your help. Best regards, José Ruiz