GuidesPush

Obtaining APN Credentials

Overview

To send push notifications to Apple devices and Safari browsers, you need Apple Push Notification service (APN) credentials. This guide walks you through creating an App ID, generating a push notification certificate, and extracting the credentials required by the Twilio Communications API.

Prerequisites

  • An Apple Developer account
  • Access to the Apple Developer Portal
  • macOS with Keychain Access
  • OpenSSL installed (included by default on macOS)

Register an App ID

If you already have an App ID configured with push notifications, skip to Create a certificate.

  1. Navigate to the Apple Developer Portal.

  2. Under Certificates, IDs & Profiles, select Identifiers. Select Identifiers

  3. Click the + button next to Identifiers. Click the plus button

  4. Select App IDs and click Continue. Create App ID

  5. Complete the App ID registration form with your app details.

Create a certificate

  1. In the Apple Developer Portal, select Certificates under Certificates, IDs & Profiles. Create certificate

  2. Click the + button next to Certificates. Click the plus button

  3. Select Apple Push Notification service SSL (Sandbox & Production) and click Continue. Select push certificate type

  4. Select your App ID from the dropdown menu.

  5. Create a Certificate Signing Request (CSR) by following Apple’s CSR guide.

  6. Upload your CSR file.

  7. Download the generated certificate.

Export the certificate

  1. Double-click the downloaded certificate to install it in Keychain Access.

  2. Open Keychain Access and locate the certificate. It will be named Apple Push Services: [your app id]. Right-click the certificate and select Export.

  3. Save the file as a .p12 file. This file contains both the certificate and private key.

Encode the credentials

The certificate and private key must be extracted from the .p12 file and base64 encoded before uploading to Twilio.

Extract and encode the certificate

Open a terminal in the directory the .p12 file is saved in and run:

$openssl pkcs12 -in cred.p12 -nokeys -nodes -legacy | openssl x509 | base64 -b 0

Replace cred.p12 with the actual filename of your exported certificate.

Extract and encode the private key

$openssl pkcs12 -in cred.p12 -nocerts -nodes -legacy | openssl rsa | base64 -b 0

Replace cred.p12 with the actual filename of your exported certificate.

Upload credentials to Twilio

Use the base64-encoded strings as the certificate and privateKey values when creating your APN credential:

$curl -X POST 'https://comms.twilio.com/preview/PushNotifications/Credentials' \
>--header 'Content-Type: application/json' \
>--data '{
>    "credentialType": "APN",
>    "content": {
>        "certificate": "your_base64_encoded_certificate",
>        "privateKey": "your_base64_encoded_key"
>    },
>    "appName": "your_app_name"
>}' \
>-u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN

Next steps