iOS PassKit partial update and privacy

About

Asked 17/7, 2019 at 8:45 Answered 17/7, 2019 at 13:46

We would like to send iPhone Wallet cards to users containing important health information that they need to have with them at all times.

Because of privacy concerns, we would like to just use a web form, have the user input the required fields, which include their names and birthdates etc., generate the pass and then discard the user information so that their privacy is protected.

However, we would also like to update the pkpass file (or within it, the pass.json file) at some point in the future if information changes. It seems that partial updates are not possible (!)?

How would you solve this?

Clarification Detail

In light of @PassKit's answer, I would like to verify that I can for example update some text on the back of a "coupon" card by including the following complete JSON file in the request:

{
  "coupon": {
     "backFields": [
       {
           "key": "info",
           "label": "Important Information",
           "value": "THIS INFORMATION CHANGED."
       }
     ]
  }
}

Renege answered 17/7, 2019 at 8:45 Comment(0)

Yes, this is perfectly possible.

The only things that you need to keep on your side are the reference between your user and the serial number of their pass, the authentication token for the pass, the device id of each device that the pass is installed in, and the corresponding device push token.

Any personal information can be discarded as soon as the pass.json has been formed and hashed, and the .pkpass bundle has been compiled and delivered to the user's device.

There may be interim requests to the Get latest version of the pass endpoint of the web-service if users try to manually refresh their pass, or after the device token rotates, but these can be responded to with a 304 Not Modified response with no need to send a .pkpass `bundle.

Excuse answered 17/7, 2019 at 13:46 Comment(7)

Just to confirm, is it correct to send an update as indicated in the section I added to my question? – Renege 18/7, 2019 at 12:47

You mention a "reference between your user and the serial number of their pass": what exactly do you mean? I do not have user information (name, birthdate), because we discarded it, remember? So will this data stay in the pass without re-sending it? – Renege 18/7, 2019 at 13:0

When the user data changes, how will you know which pass to update and which device to send the push request to? – Excuse 18/7, 2019 at 13:5

I can keep track of various artifacts, such as push tokens, serial numbers etc., I cannot keep track of some parts of the actual content of the pass, notably personal information. – Renege 20/7, 2019 at 16:37

To answer your direct question, the user data will never change, we only want to be able to update a limited set of fields in the pass. The purpose is to provide up-to-date medical information that is not individualised. – Renege 20/7, 2019 at 16:43

Can you confirm the assertion made in "Clarification Detail"? – Renege 20/7, 2019 at 16:43

For all updates, you have to compile and sign the full .pkpass bundle. You cannot submit a partial update. The pass.json needs to contain all the information you want on the pass. – Excuse 21/7, 2019 at 19:29

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Clarification Detail

Recommended topics

Hot tags