Push / App Messaging

Set up push and app messaging channels to deliver messages to your customers through your mobile apps.

To set up push or app messaging channels, you must configure your authentication so that we can recognise your app users

If you want to use the native push channels, such as APNS and FCM, the instructions to do this are below.

App messaging is a secure messaging channel and therefore requires you to authenticate users prior to them being able to use the service. Authentication can be performed by any authentication server or service that can issue a JWT (JSON Web Token). There are plenty of authentication platforms available to use that can issue tokens for your authenticated users, or use your existing systems.

Authentication Setup

To see and configure your app messaging authentication:

  1. Open your API Space in the portal.
  2. Select Channels from the menu on the left.
  3. Find the App Messaging section.

  1. Select Authentication.
  2. Complete the fields on the form so that we can understand and verify your JWT tokens:
IssuerThis should match the value of the iss (issuer) claim in your JWT. It is used to identify the principal that issued the JWT. The iss value is a case-sensitive string containing a unique string or a URL.
AudienceThis should match the value of the aud (audience) claim in your JWT.
Shared secretThis is the secret used to create your signature for your JWT so we can ensure it has not been tampered with before accepting it.
ID ClaimThis is the name of the claim in your JWT that should be used to identify a user, the sub claim is usually used. This will be mapped to the ID field for a user's profile.

Configuring your JWT details for authentication

Anonymous Authentication

App messaging requires a JWT token in order to recognise users, but if you want to support anonymous users this is still possible by creating a unique user ID (such as a GUID) for them and issuing them a JWT. This process is sometimes referred to as self issued tokens.

There are two ways of creating a JWT for anonymous users, you can:

1. Use the Session API to create a JWT

This is a convenient way to create an anonymous user JWT, simply call the Session API to generate an anonymous JWT. You can pass a user id, which could be a GUID, and a nonce to ensure the JWT is the one you requested. Note: The profile id for the anonymous user will be the passed user id prefixed with anon_

2. Use a self-issued JWT

With this option you must create a valid JWT matching the settings you entered into the App Messaging configuration; you have total control of the user id and claims. There are plenty of code examples of how to create JWT online, and a lot of good information and code libraries can be found at the JWT home page. Alternatively you can use our Session API to create an anonymous JWT for you.

Push Configuration

To see and configure your app messaging native push channels:

  1. Open your API Space in the portal.
  2. Select Channels from the menu on the left.
  3. Find the App Messaging section.

If you’re using our App Messaging SDK's in native apps the native push channels for the platforms (APNS and FCM) must be configured using the instructions below:

Android FCM setup

  1. Open the Firebase Console.
    If you haven’t created an API project yet, select Create Project.

  2. Find your Firebase project and select the project name.

  3. Go to Settings > Service Accounts.

  4. Select the appropriate language for your SDK implementation.

    User-uploaded image: image.png

  5. Select Generate new private key, then select Generate key to confirm.

  6. Securely store the JSON file containing the key.

  7. In the Portal, go to Channels and then in the App Messaging section select the Android icon.

  8. Select FCM Credentials.

  9. In the pop-up fill in the form with your Android package name and select the Upload private key field to upload the JSON file you stored in step 5.

Once this is done, ensure you have integrated the App Messaging SDK, so that you can test your settings.

Apple APNS Setup


We recommend using APNS tokens

The newer APNS token based authentication is our preferred configuration for APNS as it works for apps published under an Apple Developer account, and does not expire unlike the APNS certificates which expire annually.

You have two options for setting up APNS. You can use either the newer APNS token based authentication system, or individual APNS certificate per app bundle:

APNS Tokens

Follow these instructions to configure APNS for App Messaging to use APNS tokens for native push notifications:

  1. Log in to your Apple Developers Portal.
  2. Select Certificates, IDs & Profiles.
  3. Go to Keys > All.
  4. Select the + icon to create a new key.
  5. Enter a name for the key and ensure the Apple Push Notifications service (APNs) option is selected.
  6. Create the key.
  7. Download the key and store it securely; also note down the Key ID displayed.
  8. Log into the Portal.
  9. Go to Channels, and in the_ App Messaging _section, select the Apple icon.
  10. Select APNS Token.

APNS token settings

  1. Select the Upload private key field and upload the APNS Private key file (p8 file) you downloaded in step 7.
  2. Enter the Key ID you noted down in step 7.
  3. Enter your Team ID.
    You can find this in the Apple Developers Portal under the Membership section.
  4. Select Save.

Now ensure you have integrated the App Messaging SDK, so that you can test your settings.

APNS Certificates


APNS certificates must be refreshed annually

APNS certificates are only valid for one year. You need a new one generated annually for each app and the p12 certificate extracted and uploaded to the portal. Ensure you have reminders set to do this in good time prior to your certificate expiry.

If you already have an APNS certificate you can skip to step 6.

  1. Create a new App ID or find your application.
  2. Request the certificate.
  3. Configuring an App ID for Push Notifications.
  4. Download the certificate.
  5. Create the provisioning profile.
  6. Upload your APNS certificate.

Create a new App ID or find your application


If you already have an App ID in the Apple Developer Member Center, follow these steps. If you don’t, skip to step 2.

  1. Log in to the Apple Developer Member Center.

  2. Select Identifiers under iOS Apps and locate your application in the list.

  3. If you haven't registered an App ID yet, select the + symbol and fill out the form. You must select the Push Notifications checkbox.

    Wildcard IDs cannot use the push notification service.

  4. Register a new App ID:

    1. Enter your App ID Description (for example, PushAppID), and select an App ID Prefix.
    2. Under App ID Suffix, select Explicit App ID, and provide the correct Bundle Identifier in the form com.company.application, for example, com.mobiledonky.MyPushApp.

  1. Select Submit.


Request the certificate

  1. Generate a certificate request file using Keychain Access on your OS X Machine.


Tap cmd + space to bring up Spotlight.

  1. Go to Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority.


  1. Enter the required information and select Saved to disk, then select Continue.

  2. Save the certificate request using the suggested name and select Save then Done.

Configure an App ID for Push Notifications

Once an App ID is created, you need to configure it for push notifications.

  1. Select Settings to configure Push Notifications for your App ID.

  2. Select the check box to activate Push Notifications for the App ID, then select Create Certificate.

  3. You see the Apple Push Notification service SSL Certificate Assistant screen. Select Continue.

  4. Select Choose File to locate the Certificate Request file that you saved earlier. Select Generate.


  1. Your SSL Certificate is now generated. Select Continue and then Done.

The same process as outlined above applies when generating the production certificate.

Download the certificate

  1. Select Download.

  2. The SSL Certificate that you download is named aps_developer_identity.cer. Double-click on it to install it in the Keychain Access application.

    The SSL certificate is used by your provider application so that it can contact the APNs to send push notifications to your applications.

  3. Launch Keychain Assistant and from the login keychain, filter by the Certificates category.

Private Key Only
In the following step, ensure you only export the private key (child item) not the whole certificate. Only the private key is required for Inbox to connect to APNS.

  1. Expand the Apple Development/Production iOS Push Services option, and then right click on Apple Development iOS Push Services.
  2. Export Apple Development/Production iOS Push Services... . Save this as apns-dev-cert.p12.
  3. Enter the password for exporting.

    This is an optional field.


Create the provisioning profile

  1. Select Provisioning Profiles under iOS Apps.

  2. Select the + icon to create a new provisioning profile.

  3. Select the type of provisioning profile you need to create, then select Continue.

  4. Select the App ID you are creating the provisioning profile for.

  5. Select the certificates you want to include in this provisioning profile, then select Continue.

  6. Select the devices you want to include in this provisioning profile, then select Continue.

  7. Enter the Provisioning profile name then select Generate.

  8. After the generating of the Provisioning Profile is finished, a screen displaying the information and available options appears. Select Download.

You can download the Provisioning profile later. Open a list with all Provisioning profiles and select the required profile. Additional options become available.

  1. Open the downloaded profile file.

  2. Open your application in Xcode, go to Project structure, select *.plist file and make sure that the Bundle ID in your Xcode project's info.plist matches that of the Provisioning profile.


  3. Go to Build Settings > Code Signing > Code Sign Identity > Provisioning Profile and select your Provision Profile.


  4. Run the application.

Upload your APNS certificate

  1. Login to the Portal, select Channels and find the App Messaging section.

  2. Select the Apple icon, and then select APNS Certificates.

  3. Select the Upload certificate field.

  4. Select your certificate file in the file dialogue.

  5. Enter your certificates private key password, if set.

  6. Select Save.


Now ensure you have integrated the App Messaging SDK, so that you can test your settings.