APNS P8 Key
Service Name: Apple Push Notification Service
Service Description: Apple Push Notification service (APNs) is Apple's cloud service that enables third-party application developers to send push notifications to iOS, iPadOS, macOS, watchOS, and tvOS devices.
Service Address: https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants the ability to send push notifications to Apple devices through the Apple Push Notification service. The P8 key specifically is a token-based authentication method that replaced the older certificate-based method.
Secret Revokement URL: https://developer.apple.com/account/resources/authkeys/list
Secret Example: MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgPaXyFvZfNydDEjxgjUCUxyGjXcQxiulEdGxoVbasV3GgCgYIKoZIzj0DAQehRANCAASLTGMPm7YgCqh0S1qQtqy71Qu4pWa8XQK+jzYvdKGq0/0+kMHwdJHvVQONMtA3f1mg2xaQP1QYkHKUfyRuZ2Hd
Suspicious Activity Investigation Instructions:
- Review Apple Developer account for unauthorized key creation or modifications
- Check APNs logs for unusual notification patterns or volumes
- Monitor for unexpected push notifications being sent to user devices
- Review application server logs for unauthorized APNs API calls
- Verify if the compromised key is being used from unexpected IP addresses or locations
Mitigation Instructions:
- Log in to your Apple Developer account at https://developer.apple.com/account/
- Navigate to "Certificates, Identifiers & Profiles" section
- Select "Keys" from the left sidebar
- Locate the compromised P8 key
- Click the "Revoke" button next to the key
- Confirm the revocation
- Generate a new P8 key for your application
- Update your server configuration with the new key
- Verify that push notifications are working correctly with the new key