In order to be able to send push messages to the app, it is required to have either a certificate or authentication token from Apple Push Notification service (APNs). This document details how to obtain both, though only one is needed.
The suggested method to authenticate with Apple Push Notification Service is by using an Authentication Token.
Token-based authentication offers a stateless way to communicate with APNs. Stateless communication is faster than certificate-based communication because it does not require APNs to look up the certificate, or other information, related to your provider server. There are other advantages to using token-based authentication:
- You can use the same token from multiple provider servers.
- You can use one token to distribute notifications for all of your companys apps.
Requesting a private key to generate the token
To generate the tokens used by your server, you need an APNs authentication token signing key. To create the key file, see Create a private key to access a service.
After requesting the key, Apple will provide you:
- A 10-character string with the Key ID. You must include this string in your JSON tokens.
- An authentication token signing key, specified as a text file (with a.p8file extension).
- If you have an Apple Developer Account, the Team ID is available at your Membership Details (scroll down to Team ID).
- To access the Key ID, you have to use your Apple Developer Account and follow these steps: Get a key identifier.
- The 'topic' field is expecting the App Bundle ID.
- For more information about creating the token and the private key, see Apple Developer documentation.
1. Select the type of certificate
Log in to your developer account at https://developer.apple.com, and navigate to Add iOS Certificate. In the window displayed, select Apple Push Notification service SSL (Sandbox & Production) as the type of certificate.
2. Add the App ID
Select the App ID you would like to use the certificate for.
3. Create and upload the Certificate Signing request
In order to generate the certificate manually, you will need a Certificate Signing Request (CSR) file from your Mac. In the window displayed, click Continue to create a CSR file using Keychain Access.
In Keychain Access, select Certificate Assistant and then Request a Certificate From a Certificate Authority.
When your certificate request has been created on your hard disk, click Done to move to the next step.
Add the certificate information for the Certificate Authority (CA). Add the User Email Address, the Common Name and the CA Email Address.
As the Request is: option is Saved to disk, by clicking Continue, you have to locate and select the CSR file on your disk.
By clicking Save, the CSR file is created. With this, a public and private key pair is automatically generated, with the private key stored on your computer and the requested certificate being the public half of the key pair. The private key can be found in the login Keychain and can be viewed in the Keychain Access under "Keys".
To upload the CSR file, locate it on your hard drive and click Continue.
4. Download and install the certificate
When your certificate is ready, download it on your hard drive.
Make sure to create a backup copy of the certificate at a secure location.
For more information, read the relevant chapters in the App Distribution Guide.
To install the certificate in your Keychain, double click on the downloaded file and click Add.
5. Export the certificate as a .p12 file
The .p12 file is needed so that Mobile Engage can use the certificate to send push messages to your app. To export the certificate in a .p12 file, right click on the certificate and select Export.
You should export a .p12 file for Sandbox and another for Production.
We recommend password protection of the .p12 file, too, which is also available as an option at the export.
6. Add the p12 file to your app in Mobile Engage
In Mobile Engage, locate the Apps tab and click Edit by the required app.
Click Add iOS.
Select and upload the .p12 file generated in the previous section.
Enter the private key password if used.
Select Production or Sandbox depending on the selection when generating the certificate and click Confirm.