Understanding web push notifications
This is a general introduction to web push notifications. If you want to jump right in, you can read about Pushpad Pro or Pushpad Express.
The term Web Push Notifications (or simply Web Push, Web Notifications) refers to a set of new technologies that allow websites to send push notifications. The notifications can be delivered by a website even when the user is not surfing that website (i.e. the website is closed). This is possible thanks to a combination of new standards, such as the W3C Push API, Service Workers, Web Notifications and the IETF WebPush Protocol.
The following sequence describes the subscription process and the delivery of web push notifications:
PushManager.subscribe()). If the user accepts to receive push notifications, then...
- The browser contacts its own push service (e.g. Mozilla autopush) to create a new "mailbox". A "mailbox" is a secret URL called endpoint. Anyone who knows that URL can send push notifications to that browser.
- When you need to send a notification, the server contacts the browser push service (e.g. Mozilla autopush) with an HTTP POST request. The request URL is the endpoint of the recipient.
- The browser is constantly connected to its own push service and fetches the new notifications.
- The service worker is activated by the push message and is responsible for displaying the web notifications to the user.
For stronger security a new protocol called VAPID has been introduced: when the website calls
PushManager.subscribe(), it also provides a public key (the corresponding private key is kept on the server). The new endpoint can be used only if you can sign the push requests with the private key.
Safari doesn't support the standard yet. However Safari (desktop) supports a proprietary method based on APNs.