Migration to the HTTP/2 APNs API

The mobile authentication with push implementation has been updated to use the newer HTTP/2 APNs API, which replaces the older binary (socket) API. While most of these changes are internal, there are two changes that are relevant to iOS push messaging configurations.

APNs push messaging configuration changes

Token authentication, in favor of certificate authentication

The Token Server now supports token authentication in its communication with APNs. This means that instead of downloading a certificate and password from Apple per registered app, you now download one signing key from Apple, which can be used to send notifications to all applications registered to that team. For more information on this difference, see the APNs documentation.

The Token Server versions 5.x will remain backwards compatible, meaning that existing push configurations using APNs SSL certificates will continue to work. However, adding new push configurations or editing existing configurations will require token authentication, by configuring the APNs signing key, team Id, and key Id instead of the deprecated SSL configuration. This new configuration is much simpler, requiring a straightforward upload of the .p8 file received from Apple, along with the team and key identifiers. It also means one iOS push messaging configuration can be used for all applications registered by that Apple developer team.

APNs environment configured on application version level

Go to the APNs environment for more information.

Note: For mobile platform versions with deprecated push messaging configured, the APNs environment will be still fetched from push messaging configuration and APNs environment set on application version level will be ignored.

Etcd property removal

Several etcd properties have been removed. Previously, it was possible to configure several APNs endpoints using the following etcd variables:

  • /token-server/common/app-config/apns/production/host
  • /token-server/common/app-config/apns/production/port
  • /token-server/common/app-config/apns/sandbox/host
  • /token-server/common/app-config/apns/sandbox/port
  • /token-server/common/app-config/apns-feedback/production/host
  • /token-server/common/app-config/apns-feedback/production/port
  • /token-server/common/app-config/apns-feedback/sandbox/host
  • /token-server/common/app-config/apns-feedback/sandbox/port

These etcd variables have been removed, as this configuration is unnecessary and now also outdated. The new HTTP/2 implementation uses port 443 for both production (api.push.apple.com) and development (api.development.push.apple.com).