Apple Credential Provider (UAP role)
Apple's role definition under the Apple Wallet Access Program (UAP) for the entity that provisions credentials to Apple Wallet. The Credential Provider is the technical counterparty that holds the signing keys, formats provisioning bundles, and integrates with Apple Pay directly.
In the LEGIC topology, LEGIC operates the Apple Credential Provider service (combined with LEGIC Orbit for key management) and AE (the "Client Backend") takes the companion Credential Manager role — managing user-side workflows, assembling and delivering the wallet pass reference (credentialProviderId, environmentId, walletCardId) to Apple Wallet Service, and managing credential lifecycle by calling LEGIC's Apple CP API.
The walletCardId is LEGIC's per-credential identifier — minted by the Apple CP when the credential record is created and passed through the provisioning flow as the key reference between the Client Backend, Apple Wallet Service, and LEGIC's Apple CP.
Distinguished from the Apple Credential Manager (the partner-facing role that handles user onboarding, lifecycle requests, etc.). One CP may serve multiple CMs.
What other systems call it
Per-vendor / per-standard terminology for this same concept.
| System | Term / Notes |
|---|---|
| AUApple (UAP) | Apple Credential Provider |
 Apple | Credential Provider |
- src/LEGIC/email-john-harvey-2026-05-13.md — Q3, Q5 — Credential Provider / Credential Manager split
- src/LEGIC/pptx-alert-req-diagrams-2026-05-14.md — Slide 1 — Apple flow; Client Backend labeled "acting as Apple CM"; walletCardId in steps 4, 7, 8