APNS hostnames and ports
Used to send APNS notifications
Production:
Development:
Used by device to establish a tunnel to APNS
x-courier.push.apple.com TCP 5223 (x is a small integer i.e. 5-courier.push.apple.com)
If above is not available x-courier.push.apple.com TCP 443
All of the above hostnames resolve to an IP within the following range
17.0.0.0/8
References:
Troubleshooting push notifications: Technical Note TN2265: Troubleshooting Push Notifications
Local and remote notification guide: https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Appendixes/BinaryProviderAPI.html
If you’re not getting Apple push notifications: If your Apple devices aren't getting Apple push notifications - Apple Support (NZ)
The above largely refers to the legacy binary APNS interface
Apple have since moved to a more modern messaging method, however the binary interface is still available (and is still used by most MDM vendors).
Some of the MDM vendors (i.e. MobileIron) have adopted the “new” APNS.
Production:
Development:
This new interface leverages HTTP and JSON payloads to send messages to devices.
HTTP status codes
| Status code | Description |
| --- | --- |
| 200 | Success. |
| 400 | Bad request. |
| 403 | There was an error with the certificate or with the provider’s authentication token. |
| 405 | The request used an invalid :method value. Only POST requests are supported. |
| 410 | The device token is no longer active for the topic. |
| 413 | The notification payload was too large. |
| 429 | The server received too many requests for the same device token. |
| 500 | Internal server error. |
| 503 | The server is shutting down and unavailable. |
Response error strings
| Status code | Error string | Description |
| --- | --- | --- |
| 400 | BadCollapseId | The collapse identifier exceeds the maximum allowed size. |
| 400 | BadDeviceToken | The specified device token is invalid. Verify that the request contains a valid token and that the token matches the environment. |
| 400 | BadExpirationDate | The apns-expiration value is invalid. |
| 400 | BadMessageId | The apns-id value is invalid. |
| 400 | BadPriority | The apns-priority value is invalid. |
| 400 | BadTopic | The apns-topic is invalid. |
| 400 | DeviceTokenNotForTopic | The device token doesn’t match the specified topic. |
| 400 | DuplicateHeaders | One or more headers are repeated. |
| 400 | IdleTimeout | Idle time out. |
| 400 | MissingDeviceToken | The device token isn’t specified in the request :path. Verify that the :path header contains the device token. |
| 400 | MissingTopic | The apns-topic header of the request isn’t specified and is required. The apns-topic header is mandatory when the client is connected using a certificate that supports multiple topics. |
| 400 | PayloadEmpty | The message payload is empty. |
| 400 | TopicDisallowed | Pushing to this topic is not allowed. |
| 403 | BadCertificate | The certificate is invalid. |
| 403 | BadCertificateEnvironment | The client certificate is for the wrong environment. |
| 403 | ExpiredProviderToken | The provider token is stale and a new token should be generated. |
| 403 | Forbidden | The specified action is not allowed. |
| 403 | InvalidProviderToken | The provider token is not valid, or the token signature cannot be verified. |
| 403 | MissingProviderToken | No provider certificate was used to connect to APNs, and the authorization header is missing or no provider token is specified. |
| 404 | BadPath | The request contained an invalid :path value. |
| 405 | MethodNotAllowed | The specified :method isn’t POST. |
| 410 | Unregistered | The device token is inactive for the specified topic. |
| 413 | PayloadTooLarge | The message payload is too large. For information about the allowed payload size, see Create and Send a POST Request to APNs. |
| 429 | TooManyProviderTokenUpdates | The provider’s authentication token is being updated too often. Update the authentication token no more than once every 20 minutes. |
| 429 | TooManyRequests | Too many requests were made consecutively to the same device token. |
| 500 | InternalServerError | An internal server error occurred. |
| 503 | ServiceUnavailable | The service is unavailable. |
| 503 | Shutdown | The APNs server is shutting down. |
Official Apple documentation below
https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/sending_notification_requests_to_apns
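An added example, not part of the original post or of Apple's documentation: one way a provider could turn the status codes and error strings above into an action, including a gate so that an `ExpiredProviderToken` response never triggers token regeneration more often than the 20-minute limit in the table. It assumes the error string arrives as the `reason` field of the JSON response body; the action names and the `ProviderTokenGate` class are hypothetical.

```python
import json
import time

MIN_TOKEN_AGE = 20 * 60  # seconds; limit stated for TooManyProviderTokenUpdates


class ProviderTokenGate:
    """Permit provider-token regeneration at most once per MIN_TOKEN_AGE."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._last = None  # time of the last permitted regeneration

    def may_refresh(self):
        now = self._clock()
        if self._last is not None and now - self._last < MIN_TOKEN_AGE:
            return False
        self._last = now
        return True


def next_action(status, body, gate):
    """Map an APNs response to one of the hypothetical actions: 'done',
    'drop_device_token', 'refresh_provider_token', 'retry_later', 'fix_request'."""
    if status == 200:
        return "done"
    try:
        reason = json.loads(body or "{}").get("reason", "")
    except (ValueError, AttributeError):
        reason = ""  # body was not a JSON object; fall back to the status code
    if status == 410 or reason == "Unregistered":
        return "drop_device_token"   # token inactive for the topic
    if reason == "ExpiredProviderToken":
        # Regenerating on every 403 would earn TooManyProviderTokenUpdates.
        return "refresh_provider_token" if gate.may_refresh() else "retry_later"
    if status in (429, 500, 503):
        return "retry_later"         # throttled or server-side; back off
    return "fix_request"             # remaining 400/403/404/405/413 need a change
```
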
Apple have updated the APNS documentation; now the entire 17.0.0.0/8 block is not required.
If you can’t allow access to the entire 17.0.0.0/8 address block, open access via the same ports to these network ranges on IPv4 or IPv6:
IPv4
- 17.249.0.0/16
- 17.252.0.0/16
- 17.57.144.0/22
- 17.188.128.0/18
- 17.188.20.0/23
IPv6
- 2620:149:a44::/48
- 2403:300:a42::/48
- 2403:300:a51::/48
- 2a01:b740:a42::/48
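An added example, not part of the original post: a check of outbound allow rules against the ranges listed above on the device-side ports from the first post (TCP 5223, with 443 as fallback), useful when replacing a broad 17.0.0.0/8 rule with the narrower list. The `(cidr, port)` rule format and `SAMPLE_RULES` are constructed for illustration.

```python
import ipaddress

# Narrower APNs ranges as listed in the post above.
APNS_RANGES = [
    "17.249.0.0/16", "17.252.0.0/16", "17.57.144.0/22",
    "17.188.128.0/18", "17.188.20.0/23",
    "2620:149:a44::/48", "2403:300:a42::/48",
    "2403:300:a51::/48", "2a01:b740:a42::/48",
]
APNS_PORTS = (5223, 443)  # device tunnel port and its fallback

# Constructed sample: a hypothetical export of outbound TCP allow rules.
SAMPLE_RULES = [
    ("17.0.0.0/8", 443),        # broad legacy rule, IPv4 only
    ("17.249.0.0/16", 5223),
    ("17.252.0.0/16", 5223),
    ("17.57.144.0/23", 5223),   # two /23 halves of 17.57.144.0/22
    ("17.57.146.0/23", 5223),
    ("17.188.128.0/18", 5223),
    ("2620:149:a44::/48", 5223),
]


def missing_apns_coverage(allow_rules):
    """Return the (cidr, port) pairs from the listed ranges that the
    allow rules do not fully cover.

    allow_rules: iterable of (cidr, port) tuples (assumed format).
    """
    missing = []
    for port in APNS_PORTS:
        nets = [ipaddress.ip_network(c) for c, p in allow_rules if p == port]
        # Collapse per IP version so adjacent small rules that together
        # cover a range count as one covering network.
        merged = []
        for version in (4, 6):
            same = [n for n in nets if n.version == version]
            merged.extend(ipaddress.collapse_addresses(same))
        for cidr in APNS_RANGES:
            want = ipaddress.ip_network(cidr)
            covered = any(want.version == m.version and want.subnet_of(m) for m in merged)
            if not covered:
                missing.append((cidr, port))
    return missing
```

With the sample rules, the result shows that the broad IPv4 rule leaves every IPv6 range uncovered on 443, and that 17.188.20.0/23 and three IPv6 ranges are missing on 5223.
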
Apple will be shutting down the “legacy” binary APNS provider on March 31 2021
Updated APNs provider API deadline
The HTTP/2-based Apple Push Notification service (APNs) provider API lets you take advantage of great features, such as authentication with a JSON Web Token, improved error messaging, and per-notification feedback. If you send push notifications with the legacy binary protocol, we strongly recommend upgrading to the APNs provider API.
To give you additional time to prepare, the deadline to upgrade to the APNs provider API has been extended to March 31, 2021. APNs will no longer support the legacy binary protocol after this date.
Updated APNs provider API deadline - News - Apple Developer