Apple Push Notification Key
Service Name: Apple Push Notification Service (APNs)
Service Description: Apple Push Notification service (APNs) is a platform notification service that enables third-party app developers to send notification data to applications installed on Apple devices.
Service Address: https://developer.apple.com/notifications/
Validation Type: API Auth
IP Allow list: Does not exist at the key level, but Apple maintains a list of IP addresses for APNs servers that you should whitelist.
Secret Access Scope: Grants the ability to send push notifications to iOS, iPadOS, macOS, tvOS, and watchOS devices through Apple's Push Notification service.
Secret Revokement URL: https://developer.apple.com/account/resources/authkeys/list
Secret Example: MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgPaXyFvZfNydDEjxgjUCUxyGjXc QxiulEdGxoVbasV3GgCgYIKoZIzj0DAQehRANCAASLvYXL3HE1PxCM2qAzA6iUUwVmvKGRvafB4 KpVhbnrtuSXwruUGXMNRIr3K5UA6odCPsxB5U9CG0cKZdWvtw3X
Suspicious Activity Investigation Instructions:
- Review APNs feedback service for delivery failures or errors
- Check your app's server logs for unusual notification sending patterns
- Monitor Apple Developer account for unauthorized key creation or modifications
- Analyze notification sending metrics for unexpected spikes or patterns
- Review device token registrations for suspicious patterns
Mitigation Instructions:
- Log in to your Apple Developer account at
https://developer.apple.com/account/
- Navigate to "Certificates, Identifiers & Profiles" section
- Select "Keys" from the left sidebar
- Locate the compromised key in the list
- Click on the key and select "Revoke"
- Confirm the revocation
- Generate a new key for your application
- Update your server configuration with the new key
- Deploy the updated configuration to your notification servers
- Verify that notifications are working properly with the new key