We are currently using Live Activities in our app and supporting both of the following use cases: Starting a Live Activity directly from the app using ActivityKit APIs. Starting a Live Activity from the backend using the start token. In the first case (initiated from the app), the OS generates an update token, and we are able to continuously update the Live Activity via our backend—even if the user has not explicitly provided "Allow" or "Always Allow" consent from the lock screen. This works as expected. In the second case (initiated from the backend), if the user does provide consent ("Allow" or "Always Allow") from the lock screen, we receive the update token and can continue updating the Live Activity. However, if the user does not provide consent, the OS does not provide the update token, and we are unable to send further updates. Question: Is it possible to receive the update token from the OS when the Live Activity is started from the backend, without the user explicitly providing "Allow" or "Always Allow" consent from the lock screen? We would appreciate any clarification or official documentation related to this behavior. Thank you!

When I turn the Ringtone and Alerts volume all the way up, I expect standard notifications to play at the loudest level the device allows. In theory, this should match the volume of a critical alert with its sound.volume set to 1.0 in payload. However, I’ve noticed that non-critical notifications still play quieter than critical alerts under these conditions. Critical alerts with volume: 1.0 sound noticeably louder than standard notifications, even though the Ringtone and Alerts slider is already set to maximum. And I couldn't find a documentation for this behavior anywhere. Is this expected behavior on iOS? And is there any way to make non-critical notifications play at the same maximum loudness as critical alerts? Thanks in advance for any clarification.

有効期限が2026年10月10日のApple Push Servicesに記載されている証明書について、その内容を確認すると、以下の出力が表示されます。 notBefore=2022 年 7 月 14 日 10:XX:XX GMT notAfter=2023 年 8 月 13 日 10:XX:XX GMT このため、Firebase は証明書の有効期限が切れていると認識し、アップロードを許可しません。 この問題の既知のバグや回避策があれば教えていただけますか?

My app(The Smart Life app) is unable to receive push notifications. Please confirm whether APNs has received push notifications from Alibaba Cloud and whether APNs has successfully pushed notifications to the Smart Life app.The Smart Life app uses Alibaba Cloud's push notification service. The message ID pushed by Alibaba Cloud is: f7a02288-a995-47ed-b417-837461028f03 Current Symptom: Alibaba Cloud has reported that this message has been successfully pushed to APNs, but the smart life app has not received any push notifications. The feedback log from Alibaba Cloud shows that the APNs push was successful, but the smart life app did not receive any push. Because APNs do not have message receipts and Alibaba Cloud cannot obtain notification delivery status, it is recommended that I use the APNs channel message ID to submit a work order to Apple technical support for investigation. Note: All push notification permissions for the Smart Life app are enabled, and the Smart Life app is in the foreground when push notifications are sent.

After contacting Apple Support regarding MDM support for my Apple Developer Account, I received a link for my MDM request. The form in the link however requests for my Apple ID which seems to only be possible if I have an App on the AppStore. Considering I am only building an MDM Server I can not provide an Apple ID for this purpose. I have tried explaining this to the AppleSupport contact but I'm not getting any real result. I would appreciate any suggestions or support from this forum. I specifically require access to the MDM Vendor CSR Signing Certificate so that I can generate the APNs MDM Push Certificate needed for our MDM server to communicate with Apple devices.

I created an APNs Auth Key in the Apple Developer portal and downloaded it successfully once. Later, due to some issues, I revoked that key. After that, I created a new APNs Auth Key. The download button appears, but when I click it, I get the message: "Auth Key can only be downloaded once. This auth key has already been downloaded." This is incorrect because: The key is newly created in my account. I have tried multiple browsers (Safari, Chrome), private/incognito mode, and even a different laptop. I have no other active APNs Auth Keys in my account. Without this .p8 file, I cannot configure push notifications for my iOS app (using Firebase Cloud Messaging). This is blocking my production release. Has anyone else experienced this? Is there a way to reset or force a fresh APNs Auth Key when this happens?

If an iOS application has a notification service extension which gets sent a push, but the user has not been prompted for notification authorization via requestAuthorization() then what is the expected behavior? Will the push get delivered to the NSE but the resulting notification not displayed? Or will the push not get delivered at all to the NSE?

Regular apns will give you a willPresent callback and there you can decide to suppress showing the notification or suppress its sound etc. I know the iOS app will give you callbacks for when there's a contentUpdate, yet that doesn't give the option to change the sound. Is there a way to suppress sound of a received Live Activity when app is in foreground?

If there is a Notification Service Extension which has the com.apple.developer.usernotifications.filtering entitlement, then does/how having that entitlement affect the preconditions for the NSE to be delivered a push? Specifically, if the app has not prompted for requestAuthorization() is it expected that the push will be delivered to the NSE or not? Thank you

My start live activity CURL is not starting my live activity and I keep getting a decoding failure even though my curl matches my content state so my live activity is not starting. heres my CURL --header "apns-topic: MuscleMemory.KimchiLabs.com.push-type.liveactivity" \ --header "apns-push-type: liveactivity" \ --header "apns-priority: 10" \ --header "authorization: bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IjI4MjVTNjNEV0IifQ.eyJpc3MiOiJMOTZYUlBCSzQ2IiwiaWF0IjoxNzU3NDYwMzQ2fQ.5TGvDRk5ZYLsvncjKwXIZYN78X88v5lCwX4fRvfl1QXjwv8tOtO2uoId27LQahXA3zqjruu_2YoOfqEtrppKXQ" \ --data '{ "aps": { "timestamp": '"$(date +%s)"', "event": "start", "content-state": { "plain_text": "hello world", "userContentPage": ["hello world"] }, "alert": { "sound": "chime.aiff" } }, "attributes-type": "KimchiKit.DynamicRepAttributes", "attributes": {} }' \ --http2 https://api.sandbox.push.apple.com/3/device/802fe7b4066e26b51ede7188a7077a9603507a0fa6ee8ffda946a864e75aa139602861538d6fb12100afbe9a3338d6c7c799d947dfacb2ee835f0339ecdc3165c9ed7e54839f5a3b89b76a011f5826cc and here is my content state public struct ContentState: Codable, Hashable { public var plainText: String public var userContentPage: [String] public enum CodingKeys: String, CodingKey { case plainText = "plain_text" case userContentPage } public init(plainText: String, userContentPage: [String]) { self.plainText = plainText self.userContentPage = userContentPage } } public init() {} }

The APNs Feedback Service domain “feedback.push.apple.com” was deprecated on March 31, 2021, and became unavailable after August 2025 due to domain name resolution failures. Will this feedback service become available again in the future? Also, is it possible to use the APNs Feedback Service with a domain different from “feedback.push.apple.com”?

If I run the following code in didFinishLaunchingWithOptions() UNUserNotificationCenter.current().requestAuthorization(options: [.alert, .badge, .sound]) { granted, error in if granted { DispatchQueue.main.async { application.registerForRemoteNotifications() } } } Then the result is that didRegisterForRemoteNotificationsWithDeviceToken() gets called. However if I change the code to be just: DispatchQueue.main.async { application.registerForRemoteNotifications() } Or as as its already running on main in this scenario, then just application.registerForRemoteNotifications() Then didRegisterForRemoteNotificationsWithDeviceToken() does NOT get called, but also neither does didFailToRegisterForRemoteNotificationsWithError(). Obtaining a push token is supposed to be independent of the user granting notifications permissions, so why am I not observing that behavior? I only observe this behavior when running on hardware, when running on the simulator both forms of the code work. Yet its nothing to do with my phone not being able to contact the Apple servers etc. - if I change the code back and forth back and forth between the two then if 100% works when using requestAuthorization() and 100% doesn't when not using it. There's nothing additional or out of the ordinary with the code, its standard app delete template stuff. Why isn't it getting a push token when requestAuthorization() isn't used? (I've tried adding an async delay to calling registerForRemoteNotifications(), but it made no difference).

Hello, I have an Apple Developer Enterprise account, and Apple Support has already enabled MDM for my account. I successfully downloaded and installed my MDM Vendor Certificate (it shows up in Keychain as MDM Vendor: [My Company Name] with its private key). Here’s what I’ve done so far: Exported the Vendor Certificate + private key as a .p12, then converted to .pem and .key using OpenSSL. Generated an unsigned CSR with CN=com.apple.mgmt.External. using OpenSSL. Attempted to sign the CSR using: my Vendor certificate the Vendor private key Apple Worldwide Developer Relations (WWDR) intermediate certificate OpenSSL smime -sign command with DER output Problem: Every time I try to upload the vendor-signed CSR to the Apple Push Certificates Portal, I get an error (CSR rejected). Sometimes OpenSSL even fails with “unable to load certificates” depending on how the WWDR certificate is included. My Questions: What is the correct OpenSSL command and certificate chain Apple expects for signing the CSR? Do I need to include any additional intermediates besides WWDR? Is there an official Apple reference example for generating the vendor-signed CSR that the Push Certificates Portal will accept? Any guidance from the community (or someone who has successfully done this end-to-end) would be greatly appreciated. Thank you, Sergio Sanchez

When running application after installation I get a value in pushTokenUpdates and also the call to pushToStartTokenUpdates returns with the token value. But, if I kill the app and restart it again, there is no value in pushTokenUpdates and the call to pushToStartTokenUpdates does not return. Am I suppose to use the push to start token from the previous application run? is there a different solution?

When sending multiple push to start notifications to start a live activities in a short time frame, after around 10 pushes live activities are no longer being started. Device logs show the following entry: Push-to-start budget exceeded for com.att.tlv.myatt::pushToStart; not starting activity What can be done to be able to open more live activities via push-to-start in a short time frame (increase the push-to-start budget)? Can this be related to the development environment and it will not happen on production? NSSupportsLiveActivitiesFrequentUpdates is already set to YES

I am unable to connect to APNs sandbox push endpoint from our backend servers. It works fine when hitting the request from my local machine but it fails from the infra servers. Here are the complete curl details. Endpoint: https://api.sandbox.push.apple.com:443 CURL request and response: curl -v https://api.sandbox.push.apple.com:443 Trying 17.188.168.149:443... Connected to api.sandbox.push.apple.com (17.188.168.149) port 443 ALPN: curl offers h2,http/1.1 Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH TLSv1.2 (OUT), TLS handshake, Client hello (1): CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.sandbox.push.apple.com:443 Closing connection curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.sandbox.push.apple.com:443 There are no issues with Production endpoint. Can someone help? Verified all certificates. Everything worked fine until 29th July but started failing since 30th July Here is the PCAP file. Additionally, Here is the outbound public IP : 3.251.214.255 apple_push_sandbox_pcap.txt

Hi, I have a ninth generation iPad updated to iPados 26 beta 3 but now it no longer updates to the latest version of iPados 26, what can I do?

Does the alert only serve the following purposes: required for start events require for any event that needs to alert the user (with sound or having the live activity show in expanded presentation) while its content DO NOT matter. Only the presence of the field and its attributes matter. The only time its content matter are when the receiving device is an Apple Watch. Is that correct?

I created new APNS key, when i clicked on download, this is the error am getting: Download Failed Auth Key can only be downloaded once. This auth key has already been downloaded. I dont have any key before and i have not downloaded the key before, it just a new key, i just created. Please this is affecting the release of our client app, and the client is having negative thought concern our service not knowing it from you guys.

I was very excited to see the addition of push notifications for widgets. However upon further inspection, the way it is implemented seems too limiting for real life apps. I have an app for time tracking with my own backend. The app syncs with my backend in the main executable (main target). My widgets are more lightweight as they only access data in the shared app container, but they don't perform sync with the server directly to avoid race conditions with the main app. I was under the impression that the general direction of the platform is to be doing most things in the main app target (also App Intents work that way for the most part), so the fact that the WidgetPushHandler just calls the widget's method to reload the timeline is very unfortunate. In an ideal scenario I also need the main app to be 'woken up' to perform the sync with the server, and once that's done I'd update the widget's timeline and where I would just read data from the shared app container. So, my questions are: What is the recommended way of updating the widgets when this push notification arrives in the case that the main app target needs to perform the sync first? Is there any way how to detect that the method func timeline(for configuration: InteractiveTrackingWidgetConfigurationAppIntent, in context: Context) was called as a result of the push notification being received? Can I somehow schedule a background task from the widget's reloadTimeline() function? How can I get the push token later, in case that I don't save it right away the first time the WidgetPushHandler's pushTokenDidChange() is called? Thank you for your work on this and hopefully for your answers. FB19356256