Infrastructure
The Wallet Crew infrastructure overview: Azure hosting, Cloudflare edge security, tenant isolation, data storage, and outbound IPs for allowlisting.
The Wallet Crew is a cloud-native, multi-tenant Wallet as a Service (WaaS) platform hosted on Microsoft Azure in Europe. It powers pass creation and updates for Apple Wallet and Google Wallet.
Public traffic is routed through Cloudflare for WAF protection and rate limiting. Cloudflare also provides CDN caching and TLS termination.
At a glance
Cloud: Microsoft Azure (managed services, private networking)
Edge: Cloudflare (CDN, WAF, DDoS protection, TLS)
Data: Cosmos DB, Azure Data Explorer, Blob Storage
Secrets: Azure Key Vault
Async: Azure Service Bus
Security model: tenant isolation, signed passes, optional webhook signing
Infrastructure components
The platform is built on managed Azure services inside private networks. Azure App Service hosts the stateless API and frontends with horizontal scaling. Azure Service Bus runs asynchronous workloads and background processing.
Operational data is stored in Cosmos DB with tenant-level partitioning. Events and analytics are collected in Azure Data Explorer. Configuration and batch files are stored in Azure Blob Storage. Secrets and certificates are stored in Azure Key Vault.
Tenant isolation is enforced at every layer. Each tenant uses its own Apple and Google wallet accounts. Passes are signed using tenant-owned certificates and keys. Apple updates use APNs, and Google updates use Google Wallet APIs.

The architecture is modular and opt-in. Capabilities are enabled per tenant based on actual needs. Integrations are available through connectors, APIs, and webhooks.
Custom business logic can be implemented with a sandboxed nil.js runtime. This preserves security boundaries and platform stability. PII is not stored long-term unless you explicitly configure it.
Outgoing IP addresses
When The Wallet Crew makes outbound API requests (egress traffic) to your systems or to third-party providers, those requests come from fixed public IP addresses. These are the source IPs used by requests leaving The Wallet Crew. You will see them as the client/source IP in your gateway, WAF, or application logs.
These IPs apply to calls initiated by The Wallet Crew, such as connector requests, webhook delivery, and any server-to-server callbacks you configure.
You only need these IPs when you restrict inbound access to your own endpoints. This is common for corporate firewalls, API gateways, and private partner APIs.
If you call The Wallet Crew APIs from your systems, you usually don’t need allowlisting. Your outbound traffic originates from your own network.
Allowlist the IP for the environment you use. If you use multiple environments, allowlist each relevant IP.
Production (prod): 20.111.54.22
Quality Assurance (qa): 51.11.248.115
Development (dev): 40.66.49.162
Webhooks: don’t rely on IPs only
IP allowlisting reduces noise and blocks obvious unsolicited traffic. It does not prove the request is authentic.
You should still verify webhook authenticity at the application layer.
The Wallet Crew can sign webhook requests with an x-neostore-signature header (HMAC SHA-256). This lets you verify that the payload was sent by The Wallet Crew and was not modified in transit.
See Webhook for configuration and signature verification.
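The layered check described above, as an added example that is not part of The Wallet Crew's own code or SDK: a receiver first filters on the documented egress IP for its environment, then decides authenticity with the HMAC. It assumes the signature is a hex-encoded HMAC-SHA256 over the raw request body and that the shared secret is the one configured in the Webhook settings; confirm both against the Webhook documentation.

```python
import hashlib
import hmac
import ipaddress

# Egress IPs documented on this page, keyed by environment.
WALLET_CREW_EGRESS_IPS = {
    "prod": ipaddress.ip_address("20.111.54.22"),
    "qa": ipaddress.ip_address("51.11.248.115"),
    "dev": ipaddress.ip_address("40.66.49.162"),
}

SIGNATURE_HEADER = "x-neostore-signature"


def compute_signature(secret: bytes, body: bytes) -> str:
    # Assumption: hex-encoded HMAC-SHA256 over the raw body; verify against the Webhook docs.
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header_value: str = "") -> bool:
    if not header_value or not header_value.isascii():
        return False
    expected = compute_signature(secret, body)
    # Constant-time comparison so a wrong signature does not leak timing information.
    return hmac.compare_digest(expected, header_value.strip().lower())


def source_ip_allowed(client_ip: str, environment: str) -> bool:
    # Use the real client IP from your gateway, not an intermediary proxy address.
    try:
        return ipaddress.ip_address(client_ip) == WALLET_CREW_EGRESS_IPS[environment]
    except (ValueError, KeyError):
        return False


def accept_webhook(secret: bytes, body: bytes, headers: dict, client_ip: str,
                   environment: str = "prod") -> tuple:
    """Return (accepted, reason). The IP check only cuts noise; the HMAC decides authenticity."""
    if not source_ip_allowed(client_ip, environment):
        return False, "source ip not in allowlist for environment"
    sig = next((v for k, v in headers.items() if k.lower() == SIGNATURE_HEADER), "")
    if not verify_signature(secret, body, sig):
        return False, "signature missing or invalid"
    return True, "ok"


# Constructed sample: demo secret and body, signed the way a sender would sign them.
DEMO_SECRET = b"constructed-demo-secret"
DEMO_BODY = b'{"event":"pass.updated","passId":"demo-123"}'
DEMO_HEADERS = {"X-Neostore-Signature": compute_signature(DEMO_SECRET, DEMO_BODY)}
```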
Data handling
The Wallet Crew stores configuration and operational pass data needed to run the service. Your business source-of-truth usually stays in your systems and is accessed via integrations. This includes CRM, ticketing, loyalty, and marketing automation platforms.
PII is not stored by default. When PII storage is required, it is driven by your configuration and use case.
FAQ
Does The Wallet Crew use a single IP for everything?
No. It varies by environment. Some integrations can also have dedicated endpoints depending on how they are deployed and enabled.
I see another source IP. What should I do?
First, confirm you are hitting the right environment. Also confirm your logs show the real client IP. Some setups log intermediary proxy IPs instead.
If it still differs, contact support with the endpoint and a timestamp.
Can The Wallet Crew connect to our systems through a VPN?
Yes, this can be configured on demand for strict network constraints. It is typically a dedicated setup with extra operational overhead. It can also introduce additional infrastructure and support costs.
Most customers prefer IP allowlisting and request signing instead.