iosjsoniphonewalletpasskit

iOS PassKit partial update and privacy


We would like to send iPhone Wallet cards to users containing important health information that they need to have with them at all times.

Because of privacy concerns, we would like to just use a web form, have the user input the required fields, which include their names and birthdates etc., generate the pass and then discard the user information so that their privacy is protected.

However, we would also like to update the pkpass file (or within it, the pass.json file) at some point in the future if information changes. It seems that partial updates are not possible (!)?

How would you solve this?

Clarification Detail

In light of @PassKit's answer, I would like to verify that I can for example update some text on the back of a "coupon" card by including the following complete JSON file in the request:

{
  "coupon": {
     "backFields": [
       {
           "key": "info",
           "label": "Important Information",
           "value": "THIS INFORMATION CHANGED."
       }
     ]
  }
}

Solution

  • Yes, this is perfectly possible.

    The only things that you need to keep on your side are the reference between your user and the serial number of their pass, the authentication token for the pass, the device id of each device that the pass is installed in, and the corresponding device push token.

    Any personal information can be discarded as soon as the pass.json has been formed and hashed, and the .pkpass bundle has been compiled and delivered to the user's device.

    There may be interim requests to the Get latest version of the pass endpoint of the web-service if users try to manually refresh their pass, or after the device token rotates, but these can be responded to with a 304 Not Modified response with no need to send a .pkpass `bundle.