Hello, I have a question regarding the replacement of the APNs authentication key (.p8) in a Firebase setup for push notifications. Currently, my app uses an APNs authentication key from the original Apple Developer account. However, we are in the process of transferring app ownership to a new Apple Developer account, which will require generating a new APNs authentication key and updating it in Firebase. My concerns are: Impact on Existing Device Tokens: If we replace the existing .p8 key with a new one generated from the new developer account, will the existing APNs device tokens remain valid, or will they need to be reissued? Push Notification Delivery: Will Firebase still be able to send push notifications to devices that were registered with the previous APNs authentication key after the key is replaced? Steps for a Smooth Transition: Are there any best practices or additional steps we need to follow to ensure uninterrupted delivery of push notifications during and after the key replacement? Any insights or guidance from the Apple Developer team or community would be greatly appreciated.

We have just been granted access to the com.apple.developer.usernotifications.filtering entitlement, and are following the documented steps for handled E2EE VOIP notifications listed here: https://developer.apple.com/documentation/callkit/sending-end-to-end-encrypted-voip-calls 1 - A user initiates a VoIP call on their app. Their app then sends an encrypted VoIP call request to your server. We do exactly this, Alice calls Bob from her app, sending a notification to our servers. 2 - Your server sends the encrypted data to the receiver’s device using a regular remote notification. Be sure to set the apns-push-type header field to alert. We do exactly this, our server send on a notification to APNS with the apns-push-type header set to alert, destined for Bob. 3 - On the receiver’s device, the notification service extension processes the incoming notification and decrypts it. If it’s an incoming VoIP call, the extension calls reportNewIncomingVoIPPushPayload(_:completion:) to initiate the call. It then silences the push notification (see com.apple.developer.usernotifications.filtering). I try to do exactly this. The notification is received by the NSE on Bob's device, which decrypts it and then notices it is a VOIP call from Alice. It prepares a dictionaryPayload with the decrypted data and then calls reportNewIncomingVoIPPushPayload(_:) async throws. This throws an NSXPCConnectionInterrupted error, which when logged shows as below: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.callkit.notificationserviceextension.voip" UserInfo={NSDebugDescription=connection to service named com.apple.callkit.notificationserviceextension.voip} The only difference I can see to the documentation is that I am working in an asynchronous context so am using the asynchronous version of the method, but I don't imagine this should cause an issue? I then supress the notification as documented and this works correctly. Does anyone have any ideas why I am getting this error when calling reportNewIncomingVoIPPushPayload(_:) async throws?

I am trying to add voip call functionality to my app. It works as expected while the app is in the foreground. But in the background it does not. I have registered the app as requiring background voip permissions. My implementation doesn't fit into one of these posts, so here is a gist: https://gist.github.com/BrentMifsud/4be43c022c1279f04ecb56250a86b3f1

Hi! I am encountering an issue when attempting to send a test notification to update a live activity. The request is failing with the following error: { "code": 400, "message": "bad-request", "reason": "The device token doesn't match the specified topic.", "requestUuid": "3ed3fc0c-9c57-4d67-8ae8-cbabe0579b10" } I have verified that all device tokens and app identifiers are correct, but the error persists. Could you please assist in identifying the root cause of this issue?

After my membership was renewed (auto-payment was rejected, and my account was manually paid), my app stopped receiving notifications I thought was an invalidation by membership but after some days, my app kept not receiving notifications. I just recreated a new key for my app, (I hope it solves the problem) My question is, do I need to make another change to my account to reenable services?

Hi, My customer has acquired the assets of another company. We therefore need to transfer this company's app to my customer's account. This app primarily functions using WebRTC video, which relies on APN PUSH notifications. I have reviewed the information about transferring an app from one developer account to another, particularly here: https://developer.apple.com/help/app-store-connect/transfer-an-app/overview-of-app-transfer. I understand that we need to generate a new SSL certificate that will be integrated into the app once it has been transferred. Since users will not all update the app immediately, we will have two server certificates running in parallel for some time. Is it allowed to send two notifications to the same iPhone, knowing that one of the two will systematically fail? If not, what is the best practice for successfully migrating VOIP notifications? Thank you in advance, F. BABIN

On December 6, 2024, I received the following email. Does this mean that there is something that needs to be done on the app side or on the Firebase side? Currently, in our project, we are using Firebase to set up push notifications. If anyone knows how to deal with this or has taken any action, could you tell me what specific steps you took? Action Required: Apple Push Notification Service Server Certificate Update As we announced in October, the Certification Authority (CA) for Apple Push Notification service (APNs) is changing. APNs will update the server certificates in sandbox on January 20, 2025, and in production on February 24, 2025. To continue using APNs without interruption, you’ll need to update your application’s Trust Store to include the new server certificate: SHA-2 Root : USERTrust RSA Certification Authority certificate. To ensure a smooth transition and avoid push notification delivery failures, please make sure that both old and new server certificates are included in the Trust Store before the cut-off date for each of your application servers that connect to sandbox and production. At this time, you don’t need to update the APNs SSL provider certificates issued to you by Apple.

Currently, our company server is using the push service by calling APNS through the p8 certificate. In this process, our server does not have a CA certificate or SSL certificate in use. Only the p8 certificate is installed and only performs the role of calling APNS. If it is used like this, is there no need to update the CA certificate separately? Or do I have to apply a new SSL certificate and add the CA to it? Can someone help me plz?

We integrated App Store Server notification, to get notified about CONSUMPTION_REQUESTS and REFUND notifications. In the data, we noticed same transactionId have multiple REFUND decisions, usually REFUND_DECLINED and then REFUND. Why is that? Did user contact customer support ? For the second (or later) REFUND decision, CONSUMPTION_REQUEST notifications are usually not sent, but thats not always the case. Sometimes, REFUND decision are the same. Sometimes, we get even 3 or more REFUND related notifications for same transactionId, e.g: 2024-12-02: REFUND_DECLINED 2024-12-05: REFUND_DECLINED 2024-12-12: REFUND Do user request refund again ? Do they contact customer support ? But I can not explain why sometimes status it REFUND at first, but then later REFUND_DECLINED. Thank you already in advance:)

Hello, it seems like starting from iOS 18.0, it is possible to entirely skip the notifications permission request alert by swiping up from the bottom of the screen. It doesn't work this way with any other kinds of system alerts, nor in iOS 17.4 (tested it in the Simulator though). So, is it a bug? Or is it intended? Either way, I haven't found any information regarding that. The problem with that is when you skip the alert, notifications are missing from the app preferences.

Background: ① We initiate push notification requests by generating tokens using the p8 certificate. ② The lowest version of the server we use is Ubuntu 16.04, and the image is Alpine Linux 3.15. ③ Currently, the root certificate USERTrust_RSA_Certification_Authority.pem is default in the system and has the same MD5 value as the provided download file. The time for both is 2019. My questions: ① Which certificate should we download and add to the server's trust store, Root Certificates? ② Does the system we are using default include this certificate? ③ What operations are needed for this server certificate replacement?

i got some problem for the LiveAcitvity when i start it with notification. The LiveActivity can not show,but it can work when i update or end a LiveActitvity; And so,i think my configeration is right like the code; thanks in advance

Problem We have successfully set up push notifications using Apple APN service, that is push notifications work when using a token generated using the JSON Web Token Generator in the Push Notification console. However, we get an "InvalidProviderToken" error when creating using our own token using the following code. The Key and TeamID is definitely correct (obviously, censored in the below code). When pasting our token in the JSON Web Token Validator in the Push Notification console we get the error „Invalid signing key“. We merely pasted our secret key in our setNewTokenIfNeeded code, separated on four lines using the “““ style. Does anyone know why this error happens? Given that it works when we upload our .p8 file to the JSON Web Token Generator and we simply paste the text of this file (excluding the lines with "-----BEGIN/END PRIVATE KEY-----") I guess our secret key is correct? Code to generate token fileprivate var currentToken: String? fileprivate var currentTokenCreateTime: Date? fileprivate func setNewTokenIfNeeded() { // Ensure, token is at least 20 minutes but at most 60 minutes old if let currentTokenCreateTime = currentTokenCreateTime { let ageOfTokenInSeconds = abs(Int(currentTokenCreateTime.timeIntervalSinceNow)) NSLog("Age of token: \(Int(ageOfTokenInSeconds / 60)) minutes.") if ageOfTokenInSeconds <= 20 * 60 { return } } // Generate new token NSLog("Renewing token.") let secret = """ ABCABCABCABCABCABCABCABCABCABCABCABC+ABCABC+ABCABCABC+ABCABCAB/+ ABCABCABCABCABCABCABCABCABCABCABCABC+ABCABC+ABCABCABC+ABCABCAB/+ ABCABCABCABCABCABCABCABCABCABCABCABC+ABCABC+ABCABCABC+ABCABCAB/+ ABCABCAB """ let privateKey = SymmetricKey(data: Data(secret.utf8)) let headerJSONData = try! JSONEncoder().encode(Header()) let headerBase64String = headerJSONData.urlSafeBase64EncodedString() let payloadJSONData = try! JSONEncoder().encode(Payload()) let payloadBase64String = payloadJSONData.urlSafeBase64EncodedString() let toSign = Data((headerBase64String + "." + payloadBase64String).utf8) let signature = HMAC<SHA256>.authenticationCode(for: toSign, using: privateKey) let signatureBase64String = Data(signature).urlSafeBase64EncodedString() let token = [headerBase64String, payloadBase64String, signatureBase64String].joined(separator: ".") currentToken = token currentTokenCreateTime = Date() } fileprivate struct Header: Encodable { let alg = "ES256" let kid: String = "ABCABCABC" // Key (censored here) } fileprivate struct Payload: Encodable { let iss: String = "ABCABCABC" // Team-ID (censored here) let iat: Int = Int(Date().timeIntervalSince1970) } extension Data { func urlSafeBase64EncodedString() -> String { return base64EncodedString() .replacingOccurrences(of: "+", with: "-") .replacingOccurrences(of: "/", with: "_") .replacingOccurrences(of: "=", with: "") } } Code to send the push notification func SendPushNotification(category: ConversationCategory, conversationID: UUID, title: String, subTitle: String?, body: String, devicesToSendTo: [String]) { // Für alle Felder s. https://developer.apple.com/documentation/usernotifications/generating-a-remote-notification let payload = [ "aps": [ "alert": [ "title": title, "subtitle" : subTitle ?? "", "body": body ], "category" : category.rawValue, "mutable-content": 1 ], "conversationID": conversationID.uuidString ] as [String : Any] // Ggf. Token setzen setNewTokenIfNeeded() guard let currentToken = currentToken else { NSLog("Token not initialized.") return } NSLog(currentToken) // Notification an alle angegebenen Devices schicken let bundleID = "com.TEAMID.APPNAME" for curDeviceID in devicesToSendTo { NSLog("Sending push notification to device with ID \(curDeviceID).") let apnServerURL = "https://api.sandbox.push.apple.com:443/3/device/\(curDeviceID)" var request = URLRequest(url: URL(string: apnServerURL)!) request.httpMethod = "POST" request.allHTTPHeaderFields = [ "authorization": "bearer " + currentToken, "apns-id": UUID().uuidString, "apns-topic": bundleID, "apns-priority": "10", "apns-expiration": "0" ] request.httpBody = try! JSONSerialization.data(withJSONObject: payload, options: .prettyPrinted) URLSession(configuration: .ephemeral).dataTask(with: request) { data, response, error in if let error = error { NSLog(error.localizedDescription) } if let data = data { NSLog(String(data: data, encoding: .utf8)!) } }.resume() } } On a similar note, some people seem to encounter this error when using the prettyPrinted option for the JSON serialization (i.e., in request.httpBody = try! JSONSerialization.data(withJSONObject: payload, options: .prettyPrinted). Could this be the culprit, given our secret key contains „/„ and „+“? Many thanks!

I tried below at 2:00 PM on 21/01/2025(JST). Apple Push Notification service server certificate update I followed above, a new server certificate: "SHA-2 Root : USERTrust RSA Certification Authority certificate" was added to my push server, but a certificate error occurred and push notifications could not be sent. So I refered this article,Instead of connecting via DNS name resolution at api.development.push.apple.com, I fixed api.development.push.apple.com to "17.188.143.34" in /etc/hosts, I could push notifications with the new server certificate. (I got this IP(17.188.143.34) from this airtcle) From this, I suspect that Apple had not yet updated the APNs certificate (CA) for the Sandbox environment as of 2:00 PM on January 21, 2025 (JST). Was the update published as scheduled?

Hello everyone. I'm trying to add a lifetime for push notifications via apns-expiration for my application. With the Internet turned on, push notifications come, that's ok. With the Internet turned off, as I noticed, only the last push with the badge installation on the application icon comes. That is, the logic is that a text push with text is sent, then after N time the next push to the same device with the badge installation. I would like to receive a text push after turning on the Internet.

after doing the "Reset all settings" in settings app. After the reset, our app isn't in the notifications menu and in "allow # to access" list, isn't the notifications option either. Reinstall seems to do the job but that's not an optimal solution.

As you announced at this link https://developer.apple.com/forums/thread/766788, 'APNs will update the server certificates in sandbox on January 20, 2025, and in production on February 24, 2025.' I guess you have updated the sandbox certificate. What can we do to test whether we have correctly updated our application’s Trust Store to include the new server certificate.We test on a server that haven't updated the new server certificate, connect your sandbox environment 'api.sandbox.push.apple.com' to send notifications, it succeed. As I guess, it should failed.

Hello, I'am trying to validate a new app from apple. I have configured sandbox url and production url for server to server apple store notification. I have created subscriptions product id, but there are no validated yet by apple. When I upload my app to testflight, I can't test sandbox notification cause the product id are not available, on local xcode with storekit file I got my product Id but I don't receive notification. So my question is how can I test there thing. I have to produce fake product id ? I'm lock its very complex process, I don't understand. I tried to send my app like that for verification but the team told me to use receipt, but its deprecated and notification webhook is better for me. What is the good order, validate my subscription product ID then test ? what is the good steps. Apple seems to don't want validate my subscription product ID I'm lock..

After upgrading my latest M4 MacBook Pro to macOS 15.2, and even after connecting my iPhone with iPhone Mirroring, there is no 'Allow notification from iPhone' switch option in the macOS notification settings menu, which prevents me from displaying push notifications from my iPhone on macOS.

Dear Apple Engineer Recently we found that our push delivery rate has decreased. On the website "https://icloud.developer.apple.com/dashboard/notifications/teams/43Y657P48S/app/com.taobao.fleamarket", we found that starting from January 8, 2025, "Discarded - Token Unregistered" showed an upward trend, from millions to tens of millions. We have not found the reason, and hope you can help us. Team ID: 43Y657P48S Bundle ID: com.taobao.fleamarket Here are some failed tokens, in "Device Token Validator" The query is valid, but the user cannot receive the message: 56025f656cc3aa701898037f59e8d0cb937263ff5585cd1cec9ae661dcc15b19 5fbbd1e604d3662d7583e9377676f8fa276005145278d6dea04b4fc85a7b070e f0970602551f8d249d8f97960a74006ad78688b52fec6b0d19a585 207caff62e 9388fb40209c100afc2db728342f6fe86c7e34787a8fe4a92b73d2503c5286e0 a2819a4708462588b07452ed827d9afb03c343b586e70dcb67a9981f76295704 8949373cd43783fa3e23d38d55ee1fd72475b39f9c2d2fedca3ecb925b094240 Best Regards!