How to Create an Apple Wallet Loyalty Card for Your Business

An Apple Wallet loyalty card — formally called a "store card" in Apple's PassKit framework — is one of the most effective tools a retail or hospitality business can deploy for customer retention. It sits on the customer's lock screen, updates in real time after every transaction and can push a notification to every card holder at any time. Getting one live, however, requires navigating Apple's developer infrastructure. This guide covers everything involved.

What You Need Before You Start

To create and distribute Apple Wallet passes without a third-party platform, you need four components in place before you write a single line of code.

An Apple Developer account ($99/year). You must enrol as an individual developer or as an organisation. The organisation enrolment requires a D-U-N-S number, which can take several days to verify. Without an active Developer Program membership, you cannot create the certificates needed to sign passes.

A Pass Type ID. This is an identifier you register in the Apple Developer portal in the format pass.com.yourdomain.loyalty. It serves as the namespace for your passes and is embedded in every .pkpass file you generate.

A P12 signing certificate. Generated from the Pass Type ID in the Developer portal after creating a Certificate Signing Request (CSR) from your Mac's Keychain Access. The resulting .p12 file contains the private key and certificate needed to sign your passes. Apple certificates expire annually — renewal is a recurring maintenance task.

A web server with HTTPS. Apple requires passes to be served over HTTPS. If you want to support live updates — so the loyalty card balance updates after each purchase — you also need to implement Apple's PassKit web service specification: a set of REST endpoints that Apple's servers call to register devices and request updated passes.

Step-by-Step: Creating a PKPass File

With the prerequisites in place, the process of generating a .pkpass file involves ten distinct steps.

1. Join the Apple Developer Program. Go to developer.apple.com, enrol and pay the annual $99 fee. Wait for organisation verification if applicable — this can take 2–5 business days.
2. Register a Pass Type ID. In the Certificates, Identifiers & Profiles section of the Developer portal, create a new Pass Type ID. Use a reverse-domain format: pass.com.yourdomain.loyalty. This identifier is permanent — choose it carefully.
3. Generate a Certificate Signing Request. On your Mac, open Keychain Access, select "Certificate Assistant" and "Request a Certificate from a Certificate Authority". Save the CSR file to disk.
4. Download the .p12 certificate. In the Developer portal, create a Pass Type ID Certificate by uploading your CSR. Download the resulting .cer file, double-click to add it to Keychain, then export from Keychain as a .p12 file (include the private key). Store this file securely — it is your signing identity.
5. Design your pass.json. This JSON file defines the layout and content of the pass. For a store card, the critical fields are: passTypeIdentifier (your Pass Type ID), teamIdentifier (your 10-character Apple Team ID), serialNumber (unique per pass), storeCard (object containing primaryFields, secondaryFields, auxiliaryFields with your loyalty data), and barcode or barcodes (format, message and altText for the customer's QR code). The strip image, logo and icon are referenced by filename.
6. Prepare your image assets. Apple requires specific image files at defined resolutions: icon.png (29×29 @3x = 87×87px), logo.png (160×50px @3x = 480×150px), strip.png (375×98px @3x = 1125×294px). All images must be PNG, supplied at @1x, @2x and @3x resolutions.
7. Create manifest.json. This file contains the SHA1 hash of every other file in the pass bundle. You must compute these hashes programmatically. Any mismatch between a file and its hash in the manifest causes the pass to be rejected by Apple Wallet.
8. Sign the manifest with PKCS7. Using your .p12 certificate, generate a detached PKCS7 signature of the manifest.json file. The output is a file named signature (no extension). This is the cryptographic proof that the pass was created by the holder of the certificate.
9. Zip the bundle as .pkpass. Create a ZIP archive containing all files — pass.json, manifest.json, signature, all image assets — and rename the extension from .zip to .pkpass. Do not nest files in subdirectories; all files must be at the root of the archive.
10. Host at an HTTPS URL and distribute. Upload the .pkpass file to a web server with a valid HTTPS certificate. Set the MIME type to application/vnd.apple.pkpass. Distribute the URL via email, SMS, QR code on receipts, or an "Add to Apple Wallet" button on your website. When a customer on iPhone taps the link, Apple Wallet intercepts the download and presents the pass preview.

Implementing Live Updates

If you want the loyalty card balance to update automatically after each purchase — which is the core value of a digital loyalty card over a physical one — you need to implement the PassKit web service specification. This involves building four HTTPS endpoints on your server:

• POST /v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}/{serialNumber} — called when a device registers to receive updates for a pass.
• DELETE /v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}/{serialNumber} — called when a device unregisters.
• GET /v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier} — called by Apple to get a list of serial numbers that have changed since a given timestamp.
• GET /v1/passes/{passTypeIdentifier}/{serialNumber} — called to retrieve the latest version of a specific pass.

You also need to maintain a database of registered devices and their push tokens, and implement an APNS (Apple Push Notification Service) client to send silent push notifications to devices when a pass has been updated.

The Reality for Most Businesses

That is ten setup steps, four server endpoints, a database, an APNS integration, and an annual certificate renewal cycle — before you've issued a single pass to a customer.

For engineering teams at large enterprises with dedicated infrastructure, this is manageable. For most businesses — independent retailers, hospitality groups, event companies, membership organisations — it is not a proportionate use of time or resource. The loyalty card should be delivering value to customers within days, not months.

How Issuepass Handles All of This

We built Issuepass specifically so that businesses don't need to navigate Apple's developer infrastructure to issue wallet passes. Every step above is handled by our platform.

Certificates — we manage Apple Pass Type certificates centrally. You never touch a .p12 file or worry about an expiring certificate taking your loyalty cards offline overnight.

Pass design — our template editor lets you configure every field, upload your brand assets and preview the pass before issuing. No JSON authoring, no manual SHA1 hashing.

PassKit web service — we operate the registration endpoints and APNS connection on your behalf. When you update a customer's points balance via our dashboard or API, the push notification is sent automatically and the device fetches the updated pass within seconds.

Distribution — generate a unique pass link per customer, download a batch of QR codes for print, embed an "Add to Apple Wallet" button on your website or trigger pass issuance via our API when a customer signs up.

Push notifications — send a text notification to your entire loyalty card holder base in two clicks. No APNS client to maintain, no push token database to manage.

With over 2 billion active mobile wallet users in 2025, the commercial opportunity for wallet-based loyalty is real and growing. The only barrier is the technical setup — and we've removed it.

Start free and issue your first Apple Wallet loyalty card today, without a developer account or a single line of code.