iOS push provisioning Invite only


    Learn how to provide your users with an Add to Apple Wallet button

    Users can already add their Stripe Issuing cards to Apple Wallet by going to the Wallet app and entering the card numbers manually.

    If you’re distributing an app, push provisioning allows you to display a single Add to Apple Wallet button that guides the user through adding their card to Apple Wallet without having to enter the card number.

    Request access from Apple

    Push provisioning requires a special entitlement from Apple called You can request it by emailing Please cc and mention that you’ll be using Stripe Issuing. In your email, include your app’s name, your developer team ID, and your app’s ADAM ID. (You can find your team ID at Your ADAM ID is your app’s unique numeric ID. If the App Store link to your app is, your ADAM ID would be 123456789. You can also find it in App Store Connect).

    Important note on testing

    The entitlement required above only works with distribution provisioning profiles, which means that even after you obtain it, the only way to test the end-to-end push provisioning flow is by first distributing your app via TestFlight or the App Store. This can make testing your app awkward. To mitigate this, we’ve written a mock version of PKAddPaymentPassViewController (the iOS class responsible for managing push provisioning) called STPFakeAddPaymentPassViewController. This class is 100% API compatible with PKAddPaymentPassViewController, so you can write your integration against it, and when it’s time to go to production, simply replace any references to STPFakeAddPaymentPassViewController with PKAddPaymentPassViewController and be confident that your app will work. STPFakeAddPaymentPassViewController also contains code that will help you diagnose common integration issues.

    Update your app

    First, make sure you’ve integrated the latest version of the Stripe iOS SDK with your app, per the instructions at our Getting Started page.

    Next, determine if the user’s device is eligible to use push provisioning by calling PKAddPaymentPassViewController.canAddPaymentPass(). You might use that to show or hide a PKAddPassButton, for example. When the user presses that button (or otherwise indicates they’d like to begin push provisioning), you’ll want to create and present a PKAddPaymentPassViewController, which contains Apple’s UI for the push provisioning flow:

    import Stripe class MyViewController: UIViewController { // ... func beginPushProvisioning() { let config = STPPushProvisioningContext.requestConfiguration( withName: "Jenny Rosen", // the cardholder's name description: "RocketRides Card", // optional; a description of your card last4: "4242", // optional; the last 4 digits of the card brand: .visa // optional; the brand of the card ) let controller = PKAddPaymentPassViewController(requestConfiguration: config, delegate: self) self.present(controller!, animated: true, completion: nil) } }
    #import <Stripe/Stripe.h> // Inside a ViewController - (void)beginPushProvisioning { PKAddPaymentPassRequestConfiguration *config = [STPPushProvisioningContext requestConfigurationWithName:@"Jenny Rosen" description:@"RocketRides Card" last4:@"4242" brand:STPCardBrandVisa]; PKAddPaymentPassViewController *controller = [[PKAddPaymentPassViewController alloc] initWithRequestConfiguration:config delegate:self]; [self presentViewController:controller animated:YES completion:nil]; }

    You’ll notice that PKAddPaymentPassViewController’s initializer takes a delegate that you’ll need to implement - typically this can just be the view controller from which you’re presenting it. We provide a class called STPPushProvisioningContext that is designed to help you implement these methods:

    class MyViewController: UIViewController { var pushProvisioningContext: STPPushProvisioningContext? = nil // ... } extension MyViewController: PKAddPaymentPassViewControllerDelegate { func addPaymentPassViewController(_ controller: PKAddPaymentPassViewController, generateRequestWithCertificateChain certificates: [Data], nonce: Data, nonceSignature: Data, completionHandler handler: @escaping (PKAddPaymentPassRequest) -> Void) { self.pushProvisioningContext = STPPushProvisioningContext(keyProvider: self) // STPPushProvisioningContext implements this delegate method for you, by retrieving encrypted card details from the Stripe API. self.pushProvisioningContext?.addPaymentPassViewController(controller, generateRequestWithCertificateChain: certificates, nonce: nonce, nonceSignature: nonceSignature, completionHandler: handler); } func addPaymentPassViewController(_ controller: PKAddPaymentPassViewController, didFinishAdding pass: PKPaymentPass?, error: Error?) { // Depending on if `error` is present, show a success or failure screen. self.dismiss(animated: true, completion: nil) } }
    @interface ViewController () <PKAddPaymentPassViewControllerDelegate> @property STPPushProvisioningContext *pushProvisioningContext; @end @implementation ViewController - (void)addPaymentPassViewController:(PKAddPaymentPassViewController *)controller generateRequestWithCertificateChain:(NSArray<NSData *> *)certificates nonce:(NSData *)nonce nonceSignature:(NSData *)nonceSignature completionHandler:(void (^)(PKAddPaymentPassRequest * _Nonnull))handler { self.pushProvisioningContext = [[STPPushProvisioningContext alloc] initWithKeyProvider:self]; // STPPushProvisioningContext implements this delegate method for you, by retrieving encrypted card details from the Stripe API. [self.pushProvisioningContext addPaymentPassViewController:controller generateRequestWithCertificateChain:certificates nonce:nonce nonceSignature:nonceSignature completionHandler:handler]; } - (void)addPaymentPassViewController:(PKAddPaymentPassViewController *)controller didFinishAddingPaymentPass:(PKPaymentPass *)pass error:(NSError *)error { // Depending on if `error` is present, show a success or failure screen. [self dismissViewControllerAnimated:YES completion:nil]; } @end

    Lastly, you’ll notice STPPushProvisioningContext’s initializer expects a keyProvider. This should be an instance of a class that implements the STPIssuingCardEphemeralKeyProvider protocol (again, it’s fine if this is just your view controller). This protocol defines a single required method, createIssuingCardKeyWithAPIVersion:completion. To implement this method, make an API call to your backend. Your backend creates an Ephemeral Key object using the Stripe API, as described in “Backend Changes” below, and returns it to your app. Your app then calls the provided completion handler with your backend’s API response:

    extension MyViewController: STPIssuingCardEphemeralKeyProvider { func createIssuingCardKey(withAPIVersion apiVersion: String, completion: @escaping STPJSONResponseCompletionBlock) { // This example uses Alamofire for brevity, but you can make the request however you want Alamofire.request("", method: .post, parameters: ["api_version": apiVersion]) .responseJSON { response in completion(response.result.value, response.result.error) } } }
    @interface ViewController () <STPIssuingCardEphemeralKeyProvider> @end @implementation ViewController - (void)createIssuingCardKeyWithAPIVersion:(NSString *)apiVersion completion:(STPJSONResponseCompletionBlock)completion { NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]]; NSURL *url = [NSURL URLWithString:@""]; NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url]; request.HTTPMethod = @"POST"; NSString *postBody = [@"api_version=" stringByAppendingString:apiVersion]; request.HTTPBody = [postBody dataUsingEncoding:NSUTF8StringEncoding]; [[session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) { NSDictionary *parsed = [NSJSONSerialization JSONObjectWithData:data options:0 error:nil]; completion(parsed, error); }] resume]; } @end

    That’s it! You can now go through the push provisioning flow, with STPPushProvisioningContext doing the heavy lifting of communicating with the Stripe API.

    Backend changes

    The push provisioning implementation exposes methods that expect you to communicate with your own server backend to create a Stripe Ephemeral Key and return it to your app. This key is a short-lived API credential that can be used to retrieve the encrypted card details for just a single instance of an Issuing Card object. To ensure that the object returned by the Stripe API is compatible with the version of the iOS/Android SDK you’re using, our SDK will tell you what API version it prefers, and then you must explicitly pass this API version to our API when creating the key on your backend. Your app is responsible for determining which Card object to use. Typically this would involve finding the Issuing Cardholder object that is associated with your logged-in user and returning their first active Card.

    curl \ -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \ -d customer="{{CUSTOMER_ID}}" \ -H "Stripe-Version: {{API_VERSION}}"
    key = Stripe::EphemeralKey.create( {customer: '{{CUSTOMER_ID}}'}, {stripe_version: '{{API_VERSION}}'} )
    key = stripe.EphemeralKey.create(customer='{{CUSTOMER_ID}}', stripe_version='{{API_VERSION}}')
    $key = \Stripe\EphemeralKey::create( ['customer' => '{{CUSTOMER_ID}}'], ['stripe_version' => '{{API_VERSION}}'] );
    let key = await stripe.ephemeralKeys.create( {customer: '{{CUSTOMER_ID}}'}, {stripe_version: '{{API_VERSION}}'} );
    RequestOptions requestOptions = (new RequestOptions.RequestOptionsBuilder()) .setStripeVersion("{{API_VERSION}}") .build(); Map<String, Object> options = new HashMap<String, Object>(); options.put("customer", "{{CUSTOMER_ID}}"); EphemeralKey key = EphemeralKey.create(options, requestOptions);
    params := &stripe.EphemeralKeyParams{ Customer: stripe.String("{{CUSTOMER_ID}}"), StripeVersion: stripe.String("{{API_VERSION}}"), } key, _ := ephemeralkey.New(params)
    var options = new EphemeralKeyCreateOptions { Customer = "{{CUSTOMER_ID}}", StripeVersion = "{{API_VERSION}}" }; var service = new EphemeralKeyService(); service.Create(options);

    Next steps

    Was this page helpful?

    Thank you for helping improve Stripe's documentation. If you need help or have any questions, please consider contacting support.

    On this page