I wonder about security around Apple Wallet Passes API hosted by passes' issuer - it sounds quite reasonable to assume that deviceLibraryIdentifier and serialNumber are (or should be) difficult to guess (even to be discovered by brute force program), but how to secure the Log endpoint (https://developer.apple.com/documentation/walletpasses/log_a_message) to ensure that "spam" log messages are not accepted from anyone, but only actual log messages from Apple are accepted?
Links:
https://developer.apple.com/library/archive/documentation/PassKit/Reference/PassKit_WebService/WebService.html
https://developer.apple.com/documentation/walletpasses
TodoAsap
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
From
Bergen, Norway