Future roadmap for APNs token authentication: Granular app-scoped keys and ephemeral tokens?

"The introduction of team-scoped keys is a fantastic step forward for tightening security and isolating responsibilities within larger development organizations. However, as infrastructure moves closer to Zero Trust architectures, managing these keys across decentralized microservices or CI/CD pipelines still presents challenges. I have two questions regarding the long-term roadmap for APNs authentication:

  1. App-Level Scoping: Are there plans to allow authentication keys to be scoped down to specific App IDs (Bundle IDs) rather than the entire team? Currently, a compromised team-scoped key could still potentially impact other apps within the same developer account.
  2. Short-lived / Ephemeral Tokens: Is Apple considering support for short-lived, dynamically generated authentication tokens (similar to AWS IAM roles or OAuth 2.0 client credentials with expiration) to eliminate the need for storing long-lived .p8 master keys on third-party backend servers?

Understanding the direction of APNs security would greatly help us architect our next-generation notification backend."

Answered by Engineer in 893011022

Thank you for the post.

  1. App-Level Scoping: APNs already supports authentication keys scoped to specific App IDs (Bundle IDs), so a compromised key's impact is contained to the apps it was issued for rather than your entire developer account. See documentation.
  2. Short-lived / Ephemeral Tokens: APNs token-based authentication already uses short-lived JWTs (valid for one hour), with the .p8 key used only as a local signing credential — it never leaves your servers or gets transmitted to Apple. For teams running decentralized microservices, a common pattern today is to centralize the .p8 in a trusted secrets manager and expose an internal token-vending API — so individual services never directly handle the key. That said, we hear your suggestion about a first-party token vending primitive and will take it into consideration.

This would make a great feature request via our Feedback System.

Providing Feedback: How and Why? has tips on creating a successful report.
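The pattern the engineer describes above, written out as an added example (this is not code from the original post, from Apple, or from any APNs library): the ES256 provider JWT that APNs token-based authentication uses, a verifier that mirrors the checks on the receiving side, and a token-vending service that keeps the signing key in one process and gives callers only tokens, re-signing well inside the one-hour validity. The key ID and team ID are placeholders, and a freshly generated P-256 key stands in for a downloaded .p8 (a .p8 is PKCS#8 PEM; real code loads it with pem.Decode and x509.ParsePKCS8PrivateKey in place of NewDemoKey).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
	"sync"
	"time"
)

// NewDemoKey makes a throwaway P-256 key so the example runs offline; production code loads
// the downloaded .p8 instead (PKCS#8 PEM: pem.Decode, then x509.ParsePKCS8PrivateKey).
func NewDemoKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignProviderToken builds the ES256 JWT APNs expects: header {alg, kid}, claims {iss, iat}.
func SignProviderToken(key *ecdsa.PrivateKey, keyID, teamID string, issuedAt time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": keyID})
	claims, _ := json.Marshal(map[string]any{"iss": teamID, "iat": issuedAt.Unix()})
	signingInput := b64url(header) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS carries raw R||S (32 bytes each for P-256), not ASN.1 DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64url(sig), nil
}

// VerifyProviderToken mirrors the receiving side: ES256 signature valid, iat no older than maxAge.
func VerifyProviderToken(token string, pub *ecdsa.PublicKey, now time.Time, maxAge time.Duration) (string, error) {
	parts := strings.Split(token, ".")
	sig, err := base64.RawURLEncoding.DecodeString(parts[len(parts)-1])
	if len(parts) != 3 || err != nil || len(sig) != 64 {
		return "", errors.New("malformed JWT or signature")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", errors.New("signature invalid")
	}
	var c map[string]any
	if payload, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil {
		return "", err
	} else if err := json.Unmarshal(payload, &c); err != nil {
		return "", err
	}
	iss, _ := c["iss"].(string)
	iat, _ := c["iat"].(float64) // JSON numbers decode as float64
	if now.Sub(time.Unix(int64(iat), 0)) > maxAge {
		return "", errors.New("token older than allowed")
	}
	return iss, nil
}

// TokenVendor holds the .p8 key in one process and hands callers only JWTs; safe for concurrent use.
type TokenVendor struct {
	mu            sync.Mutex
	key           *ecdsa.PrivateKey
	keyID, teamID string
	refreshAfter  time.Duration
	now           func() time.Time
	token         string
	issuedAt      time.Time
}

// NewTokenVendor refreshes at 50 minutes: inside the one-hour validity, not more often than Apple's 20-minute minimum.
func NewTokenVendor(key *ecdsa.PrivateKey, keyID, teamID string, now func() time.Time) *TokenVendor {
	return &TokenVendor{key: key, keyID: keyID, teamID: teamID, refreshAfter: 50 * time.Minute, now: now}
}

func (v *TokenVendor) Token() (string, error) {
	v.mu.Lock()
	defer v.mu.Unlock()
	now := v.now()
	if v.token != "" && now.Sub(v.issuedAt) < v.refreshAfter {
		return v.token, nil
	}
	tok, err := SignProviderToken(v.key, v.keyID, v.teamID, now)
	if err != nil {
		return "", err
	}
	v.token, v.issuedAt = tok, now
	return tok, nil
}
```

Services that need to reach APNs call Token() over the internal vending API and send the result in the `authorization: bearer` header; only the vendor process can read the .p8, which is what contains the blast radius the question raises. The 20-minute lower bound on refreshes is Apple's documented guidance for token-based connections; the 50-minute refresh point is this example's own choice. The `now` function is injected so the refresh behaviour can be tested with a fixed clock; pass `time.Now` in a real service.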

