Identity & Trust in CloudKit Console gives you a single place to bring Apple’s privacy infrastructure into your own apps. Whether you’re identifying incoming callers, filtering URLs, or protecting your origin servers from abuse, you can now plug your service into the same Oblivious HTTP relays, Privacy Pass attestation, and Private Information Retrieval pipelines that Apple uses for its own products.
Live Caller ID Lookup lets your app surface caller identity and spam blocking information for incoming calls, queried in real time against your server. The device hides the caller’s IP address through Apple’s Oblivious HTTP relay, authenticates the request anonymously with the Privacy Pass protocol, and uses Private Information Retrieval (PIR) so your PIR server can return the right record without ever learning which number was looked up.
The Network Extension URL Filter (NEURLFilter) gives apps a way to validate URLs against your filtering service before a connection is made. The system asks your service for a verdict, allow or deny, on each candidate URL, and only proceeds when the answer is allow.
Like Live Caller ID Lookup, NEURLFilter routes lookups through Apple’s Oblivious HTTP relay and queries your PIR server using Private Information Retrieval, so your service can apply your data set to every URL without seeing the user’s IP address or learning which URLs any individual is browsing.
Private Access Tokens prove that an HTTP request is coming from a genuine Apple device without revealing anything about who that device belongs to. Apple’s attester authenticates the device, your issuer signs the token, and origin servers redeem it to skip CAPTCHAs and other friction for real users while protecting origins at scale.