API Reference
The Insider Pass API allows brands, creators, and developers to programmatically create wallet passes, manage pass metadata, send lock-screen push notifications, and track user engagement across Apple Wallet and Google Wallet.
Introduction
The Insider Pass API allows brands, creators, and developers to programmatically create wallet passes, manage pass metadata, send lock-screen push notifications, and track user engagement across Apple Wallet and Google Wallet.
With this API, you can:
- Create and update wallet passes
- Generate dynamic pass content
- Send direct push notifications to pass holders
- Add and manage geo-triggered locations
- Search, filter, and list passes at scale
- Manage API keys for secure integration
All endpoints are JSON-based and follow REST conventions.
Base URL
All API requests should be made to:
https://api.insiderpass.com API Versioning
The API uses URL-based versioning. All endpoints are prefixed with /v1. When we release breaking changes, we'll introduce a new version (e.g., /v2). The current version is v1.2.0.
Rate Limiting
API requests are rate-limited to ensure fair usage and system stability:
- 100 requests per minute per API key
- 10,000 requests per hour per API key
Rate limit headers are included in all responses: X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset. When limits are exceeded, you'll receive a 429 Too Many Requests response.
Response Format
All responses are returned as JSON. Dates and timestamps use ISO-8601 format (e.g., 2025-12-01T20:20:00Z).
List endpoints return paginated results with the following structure:
{
"data": [...],
"total": 100,
"has_more": true,
"next_offset": 20
}
Error Handling
Errors are returned with appropriate HTTP status codes and a JSON error object:
{
"error": {
"code": "invalid_request",
"message": "The request is missing a required parameter.",
"type": "invalid_request_error"
}
}
Common status codes: 400 Bad Request, 401 Unauthorized, 404 Not Found, 429 Too Many Requests, 500 Server Error. See the Error Codes section for details.
Authentication
All requests to the Insider Pass API require an API key. Your API key must be included in the Authorization header for each request.
Getting Started
API keys are managed by Insider Pass to ensure account security and subscription validation. To get your first API key:
Request Your API Key
API keys are only issued to accounts with active subscriptions. Submit a request through our contact form, and our team will verify your account status and provide your API key.
Request API Key- After receiving your key: Log into your Insider Pass dashboard and navigate to Settings → API Keys to view and manage your keys
- Additional keys: Use the Create API Key endpoint to create additional keys programmatically (requires an existing API key from an account with an active subscription)
Important: API keys can only be created for accounts with active subscriptions. The programmatic endpoint requires authentication with an existing API key and will return 403 Forbidden if your account subscription is not active.
Environment Keys
API keys are prefixed to indicate their environment:
- sk_test_... - Test keys for development and testing
- sk_live_... - Production keys for live applications
Test keys operate on a separate test environment and don't affect production data.
Security Best Practices
- Never commit keys to version control - Use environment variables or secure secret management
- Use environment variables - Store keys in .env files (never commit these) or your platform's secret management
- Rotate keys regularly - Create new keys and revoke old ones periodically for enhanced security
- Use separate keys per environment - Different keys for development, staging, and production
- Restrict key permissions - Create keys with minimal required permissions when possible
Error Responses
Authentication errors return the following status codes:
- 401 Unauthorized - Missing or invalid API key
- 403 Forbidden - Valid key but insufficient permissions, or account subscription is not active
# Example 401 response
{
"error": {
"code": "invalid_api_key",
"message": "Invalid API key provided.",
"type": "authentication_error"
}
}
API Keys
Create and manage additional API keys for your Insider Pass account. This endpoint requires:
- An active Insider Pass account with an active subscription
- Authentication with an existing API key (root or primary key)
Need your first API key?
API keys are issued only to accounts with active subscriptions. Request your API key through our contact form.
Request API Key via Contact FormAccess Control: This endpoint will return 403 Forbidden if your account subscription is not active. Your first API key must be requested through our contact form after account signup.
Body Parameters
Human-readable label for the API key (e.g., "Production Key").
Response Fields
Unique identifier for the API key. Use this ID to reference the key in management operations.
Human-readable label you provided when creating the key. Useful for identifying keys in your dashboard.
The full API key secret (e.g., sk_live_xxx). Store this securely — it's only shown once when created. If lost, you'll need to create a new key.
Timestamp indicating when the key was created.
Key Management
To revoke or delete an API key:
- Dashboard: Navigate to Settings → API Keys and click "Revoke" next to the key you want to delete
- API: Use DELETE /v1/api-keys/{id} (requires authentication with a different key)
Revoked keys immediately stop working. Any requests using a revoked key will return 401 Unauthorized.
Usage Notes
Consider creating multiple API keys for:
- Environment separation: Different keys for development, staging, and production
- Service isolation: Separate keys for different services or microservices
- Access control: Keys with different permission levels or scopes
- Key rotation: Maintain multiple keys to enable zero-downtime rotation
List wallet passes
Retrieve a list of wallet passes with optional filters for segmentation and search.
Query Parameters
Filter passes by member name.
Filter passes by membership tier.
Filter passes belonging to a specific brand.
Maximum number of passes to return. Default: 20, Maximum: 100.
Number of passes to skip before starting to collect the result set. Default: 0. Use for pagination.
Response Structure
The response includes pagination metadata:
Array of pass objects matching your query parameters. Each object contains the full pass details (see Pass object).
Total number of passes matching the query (across all pages).
Indicates whether more results are available. Use next_offset to fetch the next page.
Offset value to use for the next page request. Omitted if has_more is false.
Pagination
To paginate through results, use the offset parameter:
# First page (default)
GET /v1/passes?limit=20&offset=0
# Second page
GET /v1/passes?limit=20&offset=20
# Third page
GET /v1/passes?limit=20&offset=40
Create a wallet pass
Creates a new wallet pass for a member. The response includes wallet URLs for Apple Wallet and Google Wallet plus metadata about the pass.
Body Parameters
Name of the member who owns the pass. Max length: 100 characters.
Tier or level of the member (e.g., Listener Tier, Premium Tier). Max length: 50 characters.
Label displayed next to the points value on the pass. Max length: 30 characters.
Current number of points associated with the member. Range: 0 to 999999. Default: 0.
Identifier of the brand or project that owns this pass. Must match an existing brand ID in your account. Format: alphanumeric with underscores, max 50 characters.
Call-to-action text shown with the QR code on the pass. Max length: 100 characters.
Custom key-value metadata to associate with the pass (e.g., email, referral_code). Keys and values must be strings. Max 20 keys per pass. Email values should be valid email format.
Response Fields
The response includes the complete pass object with the following fields:
Unique identifier for the pass (e.g., pass_12345). Use this ID for subsequent operations.
Contains apple and google URLs. Share these URLs with users to add the pass to their wallet. URLs are valid indefinitely.
URL to the QR code image for the pass. Use this to display the barcode in your application.
Initial status is always active. See Pass object for all possible status values.
Timestamp when the pass was created.
Error Scenarios
Returned when validation fails:
- Missing required field (member_name)
- Invalid field format (e.g., invalid email in metadata)
- Field exceeds maximum length
- points_value outside valid range
Returned when brand_id doesn't exist in your account.
Returned when attempting to create a duplicate pass (same member_name and brand_id combination already exists). Use Update Pass to modify existing passes.
Validation Example
# Example 400 error response
{
"error": {
"code": "validation_error",
"message": "points_value must be between 0 and 999999",
"field": "points_value"
}
}
Get a wallet pass
Retrieves the details of an existing wallet pass by its ID. Returns the complete pass object including all fields and metadata.
Path Parameters
The unique identifier of the pass to retrieve (e.g., pass_12345).
Use Cases
- Verify pass details before updating
- Retrieve wallet URLs to display to users
- Check pass status before sending notifications
- Display pass information in your application
Error Responses
Returned when the pass ID doesn't exist or has been deleted.
Returned when the API key is invalid or expired.
Update a wallet pass
Update specific fields on an existing wallet pass. This endpoint supports partial updates — only include the fields you want to change. Common updates include points, tier, QR action text, and status.
Body Parameters
All parameters are optional. Only include fields you want to update.
Updated points value for the member. Range: 0 to 999999.
Updated tier (e.g., Premium Tier). Max length: 50 characters.
Updated call-to-action text shown with the QR code. Max length: 100 characters.
Pass status. Valid values: active, inactive, disabled.
Partial Update Behavior
Only send the fields you want to update. Fields not included in the request remain unchanged. For example, to update only points:
PATCH /v1/passes/pass_12345
{ "points_value": 500 }
Field Mutability
The following fields cannot be updated:
- id - Immutable identifier
- member_name - Cannot be changed after creation
- brand_id - Cannot be changed after creation
- created_at - System-managed timestamp
Validation
The same validation rules apply as in Create Pass. Invalid values will return 400 Bad Request.
Delete a wallet pass
Soft-deletes a pass and disables future notifications. The pass will no longer be usable in the member's wallet, but the data is retained for historical purposes.
Soft Delete Explained
When you delete a pass, it's marked as deleted (soft delete) rather than permanently removed:
- The pass is removed from active listings and cannot be retrieved via Get Pass
- The pass becomes unusable in the user's wallet
- Historical data is retained for analytics and audit purposes
- The pass ID cannot be reused
Irreversibility
Deleted passes cannot be restored through the API. If you need to restore a pass, you'll need to:
- Create a new pass with the same member information
- Contact support if you need to recover historical data
Cascading Effects
Deleting a pass has the following effects:
- Scheduled notifications: All pending/scheduled notifications for this pass are cancelled
- Active notifications: Already sent notifications remain in the system but cannot be resent
- Location triggers: The pass will no longer trigger location-based notifications
Response
On successful deletion, the API returns 204 No Content with an empty response body. If the pass doesn't exist, you'll receive 404 Not Found.
Create a notification
Send a push notification to a specific pass or pass group. Notifications appear on the user's lock screen and in their wallet pass.
List notifications
Retrieve a list of notifications that have been sent or scheduled, with support for filtering and pagination.
Query Parameters
Filter notifications by pass ID.
Filter by status: queued, sent, delivered, failed.
Filter notifications created after this timestamp.
Filter notifications created before this timestamp.
Maximum number of notifications to return. Default: 20, Maximum: 100.
Number of notifications to skip. Default: 0.
Notification detail
Retrieve, update, or delete a single notification by its ID, and access delivery statistics.
Body Parameters
ID of the pass (or pass group) that should receive the notification. Must be a valid, active pass ID.
Notification title shown on the lock screen. Max length: 100 characters. If omitted, defaults to your brand name.
Text content of the notification message. Max length: 500 characters.
Optional deep link that opens when the user taps the notification. Must be a valid HTTP/HTTPS URL. Supports custom URL schemes (e.g., myapp://path) and universal links.
Optional ISO-8601 timestamp to schedule the notification. Use null to send immediately. Must be a future timestamp. Scheduled notifications can be updated or cancelled before they're sent.
Notification Status Values
Notifications progress through the following statuses:
Notification is scheduled and waiting to be sent. Applies to both immediate and scheduled notifications.
Notification has been sent to the push notification service (Apple/Google). Delivery confirmation may be pending.
Notification was successfully delivered to the device. The user may or may not have seen it.
Notification failed to send. Common reasons: invalid pass ID, pass deleted, device not registered, or service error.
Delivery Guarantees
Notification delivery operates on a best-effort basis:
- Notifications are queued and sent as quickly as possible (typically within seconds)
- Delivery depends on device connectivity and push notification service availability
- Users may have notifications disabled or the app uninstalled
- Failed notifications are not automatically retried (use the API to resend if needed)
- Delivery status updates may take a few minutes to reflect accurately
Notification Limits
- Rate limit: 100 notifications per minute per API key
- Title length: Maximum 100 characters
- Body length: Maximum 500 characters
- Scheduled notifications: Can be scheduled up to 30 days in advance
Error Handling
Returned when validation fails:
- Missing required field (body)
- Invalid send_at timestamp (must be future)
- Field exceeds maximum length
- Invalid URL format for deep_link_url
Returned when pass_id doesn't exist or the pass has been deleted.
Returned when you exceed the notification rate limit. Wait before retrying.
Notification Statistics Response
The stats endpoint returns detailed delivery metrics:
{
"notification_id": "notif_67890",
"status": "delivered",
"sent_count": 1,
"delivered_count": 1,
"failed_count": 0,
"opened_count": 0,
"sent_at": "2025-12-01T21:00:05Z",
"delivered_at": "2025-12-01T21:00:10Z",
"device_breakdown": {
"ios": 1,
"android": 0
}
}
List locations
Search and filter geo-trigger locations used to power proximity-based notifications.
Query Parameters
Filter locations by brand ID.
Search locations by name (partial match).
Maximum number of locations to return. Default: 20, Maximum: 100.
Number of locations to skip. Default: 0.
Create a location
Define a geo-triggered location where nearby pass holders can receive context-aware notifications.
Body Parameters
Name of the location (e.g., "Flagship Store"). Max length: 100 characters.
Latitude in decimal degrees. Range: -90 to 90. Use WGS84 coordinate system.
Longitude in decimal degrees. Range: -180 to 180. Use WGS84 coordinate system.
Radius of the geofence in meters. Range: 10 to 10000. Recommended: 50-500 meters for best accuracy and battery efficiency.
Default notification message shown when a user enters this location. Max length: 500 characters.
How Geofencing Works
When a pass holder's device enters the geofence (circular area defined by latitude, longitude, and radius):
- The device detects proximity using GPS and location services
- A notification is automatically sent to the pass holder
- The notification uses the location's default message (if provided) or a custom message
- Notifications are sent once per entry (re-entry after leaving triggers again)
GPS Accuracy Considerations
GPS accuracy varies based on several factors:
- Outdoor accuracy: Typically 5-10 meters under clear sky conditions
- Indoor accuracy: Can be 20-50 meters or worse, depending on building materials
- Urban canyons: Tall buildings can reduce accuracy to 15-30 meters
- Device quality: Newer devices generally have better GPS chips
Recommendation: Use a radius of at least 50 meters to account for GPS inaccuracy. For indoor locations, consider 100-200 meters.
Best Practices
- Minimum radius: Use at least 50 meters to account for GPS inaccuracy
- Maximum radius: Keep under 500 meters for most use cases to avoid false triggers
- Battery impact: Larger radii and more locations increase battery drain. Balance coverage with efficiency
- Location density: Avoid overlapping geofences with similar radii to prevent duplicate notifications
- Testing: Test geofences in real-world conditions before deploying to production
- User permissions: Ensure users have granted location permissions for their wallet app
Location detail
Retrieve, update, or delete a location by its ID.
Location Object Structure
The Get Location endpoint returns a complete location object:
{
"id": "loc_12345",
"name": "Flagship Store",
"latitude": 40.7128,
"longitude": -74.0060,
"radius_meters": 150,
"message": "You're near our store! Stop in for a reward.",
"created_at": "2025-12-01T20:00:00Z",
"updated_at": "2025-12-01T21:00:00Z"
}
Update Location Response
The Update Location endpoint (PUT) returns the complete updated location object, similar to the Get Location response. Only include fields you want to update in the request body.
Pass object
Standard representation of a wallet pass returned by the API.
Field Documentation
Unique identifier for the pass (e.g., pass_12345). Generated automatically on creation. Immutable.
Name of the member who owns the pass. Max length: 100 characters. Cannot be updated after creation.
Membership tier or level. Max length: 50 characters. Can be updated.
Label displayed next to points on the pass (e.g., "Credits", "Points"). Max length: 30 characters.
Current points balance. Range: 0 to 999999. Default: 0. Can be updated.
Brand identifier. Must match an existing brand in your account. Cannot be updated after creation.
Call-to-action text shown with QR code. Max length: 100 characters. Can be updated.
Pass status. Enum: active, inactive, disabled. Default: active. Can be updated.
URL to the QR code image. Generated automatically. Valid indefinitely.
Object containing wallet-specific URLs. Structure:
- apple (string): URL for Apple Wallet
- google (string): URL for Google Wallet
URLs are generated automatically and valid indefinitely. Share these with users to add the pass to their wallet.
Custom key-value pairs. Keys and values must be strings. Max 20 keys. Common use cases: email, referral_code, user_id. Can be updated.
Timestamp when the pass was created. Format: ISO-8601 (e.g., 2025-12-01T20:40:00Z). UTC timezone.
Timestamp when the pass was last updated. Format: ISO-8601. UTC timezone. Equals created_at if never updated.
Status Enum Values
Pass is active and can receive notifications. Default status for new passes.
Pass is temporarily inactive. Cannot receive notifications but can be reactivated.
Pass is permanently disabled (typically after soft delete). Cannot receive notifications and cannot be reactivated.
Date Format
All timestamps use ISO-8601 format in UTC timezone:
2025-12-01T20:40:00Z Format: YYYY-MM-DDTHH:mm:ssZ. The Z indicates UTC timezone.
Field Relationships
- wallet_urls and barcode_url are generated automatically when a pass is created
- status must be active for notifications to be delivered
- points_value and points_label work together to display points on the pass
- brand_id determines which brand's styling and configuration is used
Error Codes
The API uses standard HTTP status codes and returns error details in a consistent JSON format.
Error Response Format
All errors follow this structure:
{
"error": {
"code": "error_code_string",
"message": "Human-readable error message",
"type": "error_type"
// Optional: "field" indicates which field caused the error
"field": "field_name"
}
}
HTTP Status Codes
The request is malformed or contains invalid parameters.
{
"error": {
"code": "validation_error",
"message": "points_value must be between 0 and 999999",
"type": "invalid_request_error",
"field": "points_value"
}
}
Authentication failed. The API key is missing, invalid, or expired.
{
"error": {
"code": "invalid_api_key",
"message": "Invalid API key provided.",
"type": "authentication_error"
}
}
The API key is valid but doesn't have permission to perform this action. This can occur when:
- The account subscription is not active
- The API key doesn't have sufficient permissions for the requested operation
- The account has been suspended or restricted
{
"error": {
"code": "insufficient_permissions",
"message": "You don't have permission to perform this action.",
"type": "authentication_error"
}
}
If you believe this is an error, please contact support to verify your account status.
The requested resource doesn't exist or has been deleted.
{
"error": {
"code": "resource_not_found",
"message": "Pass not found.",
"type": "invalid_request_error"
}
}
The request conflicts with the current state (e.g., duplicate resource).
{
"error": {
"code": "duplicate_resource",
"message": "A pass with this member_name and brand_id already exists.",
"type": "invalid_request_error"
}
}
Rate limit exceeded. Wait before retrying. Check response headers for retry information.
# Response headers include:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1701456000
{
"error": {
"code": "rate_limit_exceeded",
"message": "Rate limit exceeded. Please retry after 60 seconds.",
"type": "rate_limit_error"
}
}
An unexpected server error occurred. Retry the request. If the problem persists, contact support.
{
"error": {
"code": "internal_server_error",
"message": "An unexpected error occurred. Please try again later.",
"type": "api_error"
}
}
Error Types
The request was invalid (e.g., missing required field, invalid format). Usually returns 400.
Authentication failed. Usually returns 401 or 403.
Rate limit exceeded. Returns 429.
An unexpected server error occurred. Returns 500.