Wallet (Apple & Google)
Issue a branded membership card straight to Apple Wallet or Google Wallet — signed server-side, no app required. Apple cards update themselves the moment a member's points or tier change.
Issuance for both platforms and the full Apple PassKit update web service are live in code today. They require your wallet credentials (Apple Pass Type ID + signing cert; Google issuer + service account) configured with the SocialHub team.
What you get
Server-side issuanceLive
A signed .pkpass is generated server-side and streamed to the member — no native pass-signing code in your app, and no app release to change the card design.
Automatic card updatesLive
Points or tier change → a silent APNs update is pushed → the device re-fetches the pass. The membership card stays live with zero app code.
Clean lifecycleLive
A removed member's pass serial returns 410 Gone, so Wallet drops the stale card gracefully. A cron watches your signing certificate's expiry.
Apple + GoogleLive
Both platforms issue today from one endpoint: Apple returns a signed .pkpass; Google returns a save link. (Silent auto-update is Apple PassKit; Google cards refresh on open.)
Issue a card Live
Call this from inside the signed-in member WebView — see the Mobile SDK guide for the session flow.
// The signed-in member's app requests their card. teamId + memberId come from the
// consumer SESSION (never the body) — the body only selects the platform.
POST https://flash.socialhub.ai/api/consumer/wallet/issue
Content-Type: application/json
{ "platform": "apple" } // "apple" | "google"
// Apple → 200 Content-Type: application/vnd.apple.pkpass
// Content-Disposition: attachment; filename="loyalty-<serial>.pkpass"
// (the response body IS the signed .pkpass — hand it to "Add to Apple Wallet")
// Google → 200 { "saveUrl": "https://pay.google.com/gp/v/save/…" }
// (redirect the member to saveUrl → "Save to Google Wallet")
//
// Wallet not configured for that platform → DomainError WALLET_NOT_CONFIGURED.Updates happen on their own Live
// You do NOT write update code. SocialHub hosts the standard Apple PassKit update
// web service, so the card stays current on its own:
//
// 1. The pass registers the device when added to Wallet
// POST /api/wallet/apple/v1/devices/{deviceId}/registrations/{passTypeId}/{serial}
// 2. A points / tier change enqueues a silent APNs push to the device
// 3. The device re-fetches the latest pass
// GET /api/wallet/apple/v1/passes/{passTypeId}/{serial}
//
// These endpoints are called by Apple's device, not by your app — listed here for
// transparency. A removed / unenrolled member's serial returns 410 Gone (not 500),
// so Wallet cleanly drops a stale card.Before you go live
Apple Pass Type ID
Register a Pass Type ID in your Apple Developer account (Identifiers → Pass Type IDs) and share it with your SocialHub team.
Pass signing certificate
Generate the pass signing certificate for that Pass Type ID. Each .pkpass is signed with it server-side; a cron watches its expiry so it never lapses silently.
APNs auth key (.p8)
Provide an APNs auth key (Key ID + Team ID) so SocialHub can push the silent update notifications that keep the Apple card current.
Google Wallet issuer
For Google cards, provide your Google Wallet issuer ID and a service-account key. SocialHub mints the signed save link server-side.
Note: an Apple Developer account on the paid Apple Developer Program is required to create a Pass Type ID and pass signing certificate.
Acceptance checklist
A real .pkpass issued from POST /wallet/issue (platform: apple) installs on a device and shows the member's current points / tier.
Requesting platform: google returns a saveUrl that adds the card to Google Wallet.
Changing the member's points refreshes the installed Apple card within seconds — with no app interaction.
Issuing for a platform with no configured credentials returns WALLET_NOT_CONFIGURED, not a broken file.
A removed member's Apple pass serial returns 410 Gone, and Wallet drops the card — never a 500.
Setting up Wallet cards?
Talk to an engineer about Apple Pass Type IDs, signing certificates, APNs keys, or Google Wallet issuer setup.
Talk to engineering