Download the PHP package laulamanapps/apple-passbook-laravel without Composer
On this page you can find all versions of the php package laulamanapps/apple-passbook-laravel. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download laulamanapps/apple-passbook-laravel
More information about laulamanapps/apple-passbook-laravel
Files in laulamanapps/apple-passbook-laravel
Package apple-passbook-laravel
Short Description Generate Apple Wallet passes (PassKit) from your Laravel application
License MIT
Informations about the package apple-passbook-laravel
Apple Passbook Laravel
This package provides Laravel integration for the LauLamanApps Apple Passbook Package:
generate Apple Wallet passes (.pkpass files) and serve the Apple PassKit Web Service endpoints from your Laravel application.
Requirements
- PHP 8.1+
- Laravel 11.x, 12.x or 13.x
Installation
The service provider (LauLamanApps\ApplePassbookLaravel\ApplePassbookServiceProvider) is registered automatically via Laravel package auto-discovery.
Run Tests
Configuration
Publish the config file:
This creates config/apple-passbook.php:
| Key | Default | Description |
|---|---|---|
certificate |
env('APPLE_PASSBOOK_CERTIFICATE') |
Path to your .p12 Pass Type ID certificate |
certificate_password |
env('APPLE_PASSBOOK_CERTIFICATE_PASSWORD') |
Password protecting the .p12 file |
apple_wwdr_ca |
env('APPLE_PASSBOOK_WWDR_CA') (null) |
Optional path to an Apple WWDR CA .pem; null uses the library default |
web_service.enabled |
env('APPLE_PASSBOOK_WEB_SERVICE_ENABLED', true) |
Whether the PassKit web service routes are registered |
web_service.route_prefix |
env('APPLE_PASSBOOK_WEB_SERVICE_ROUTE_PREFIX', '/v1') |
Route prefix for the web service endpoints |
Add the ENV variables to your .env file:
Get Certificate
Head over to the Apple Developer Portal to get yourself a certificate to sign your passbooks with.
Export the certificate and key to a .p12 file using Keychain Access.
Generating a Pass
The package registers LauLamanApps\ApplePassbook\Build\Compiler as a singleton, configured with your certificate. Inject it anywhere:
See the core package documentation for all pass types (event ticket, coupon, boarding pass, store card, generic), fields, images, colors and locations.
PassKit Web Service
When web_service.enabled is true the package registers all Apple PassKit Web Service endpoints under the configured prefix (default /v1):
| Method | URI | Purpose |
|---|---|---|
POST |
/v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}/{serialNumber} |
Register a device for pass updates |
DELETE |
/v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}/{serialNumber} |
Unregister a device |
GET |
/v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier} |
Serial numbers of updated passes |
GET |
/v1/passes/{passTypeIdentifier}/{serialNumber} |
Retrieve the latest version of a pass |
POST |
/v1/log |
Device diagnostic logging |
For the web service to work, the pass itself must point at your application:
Events
The controllers delegate all persistence decisions to your application through mutable event objects. Each event starts with Status::Unhandled — your listener must set the appropriate status, otherwise a LogicException is thrown.
| Event | Dispatched when |
|---|---|
DeviceRegisteredEvent |
A device registers for pass updates |
DeviceUnregisteredEvent |
A device unregisters from pass updates |
DeviceRequestUpdatedPassesEvent |
A device requests the serial numbers of updated passes (passesUpdatedSince is available via getPassesUpdatedSince()) |
RetrieveUpdatedPassbookEvent |
A device requests an updated pass (If-Modified-Since is available via getUpdatedSince()) |
The /v1/log endpoint needs no listener: messages are written to the application logger at info level.
Authenticating requests
Devices authenticate with an Authorization: ApplePass <token> header carrying the token you set on the pass with setWebService().
The token-carrying events expose isAuthenticatedBy(string $expectedToken): bool.
Always use
$event->isAuthenticatedBy(...)— never compare$event->getAuthenticationToken()with!==.isAuthenticatedBy()uses PHP'shash_equals(), which compares the two tokens in constant time. A plain string comparison short-circuits on the first differing byte, which leaks timing information an attacker can use to reconstruct a valid token byte by byte.
Example listeners
Since Laravel 11, listeners in app/Listeners are auto-discovered — no manual registration is required.
The compiled pass is returned to the device as application/vnd.apple.pkpass with a Last-Modified header, and 304 Not Modified is honored via the If-Modified-Since request header.
Credits
This package has been developed by LauLaman.
All versions of apple-passbook-laravel with dependencies
laulamanapps/apple-passbook Version ^2.0
ext-openssl Version *
illuminate/support Version ^11.0 || ^12.0 || ^13.0
illuminate/http Version ^11.0 || ^12.0 || ^13.0
illuminate/routing Version ^11.0 || ^12.0 || ^13.0