Today, I built the push notification engine for my Serverless AI Financial Agent. The goal was simple: if a user spends >100 EUR in a day, hit their iPhone with an alert and update their Home Screen widget.
Getting AWS Lambda to talk to APNs (Apple Push Notification service) requires authorization.
The Mistake You Are Probably Making:
Generating a .pem certificate in the Apple Developer Portal. These certificates expire every year, so someone has to renew and redeploy them by hand, and they force you to manage separate certificates for Sandbox and Production.
The Architecture Fix:
Use Token-Based Authentication (.p8).
- Generate a .p8 Auth Key in the Apple Developer portal. It is Team-Scoped and never expires.
- Go to AWS SNS -> Push notifications.
- Create a Platform Application (Apple iOS/VoIP/Mac).
- Choose Token for authentication (not Certificate).
- Paste your Key ID, Team ID, Bundle ID, and the .p8 file.
Now your AWS Lambda doesn't need to manage an APNs connection itself. It just fires an event:
Lambda just publishes to SNS. SNS handles Apple.
import json, os, boto3
sns = boto3.client("sns")
# With MessageStructure='json', Message is a JSON object whose per-platform values are strings (the APNs payload, JSON-encoded)
apns_payload = {"default": "Spending alert", "APNS_SANDBOX": json.dumps({"aps": {"alert": "You passed your daily limit", "content-available": 1}})}
# TargetArn must be the device's endpoint ARN (registered under the platform application), not the application ARN itself
sns.publish(
    TargetArn=os.environ['APNS_SANDBOX_PLATFORM_APPLICATION_ARN'],
    Message=json.dumps(apns_payload),
    MessageStructure='json'
)
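The Lambda-side logic in full, as an added example rather than the post's own code: the daily-spend check, the per-platform envelope SNS requires with MessageStructure='json', and the publish call. It assumes the endpoint ARN was obtained earlier from SNS create_platform_endpoint for the device token, and the transaction records are constructed sample data.

```python
import json

# Constructed example, not the post's own code.
DAILY_LIMIT_EUR = 100.0


def daily_total(transactions, day):
    """Sum the EUR amounts of all transactions booked on `day` (ISO date string)."""
    return sum(t["amount_eur"] for t in transactions if t["date"] == day)


def should_alert(transactions, day, limit=DAILY_LIMIT_EUR):
    """True when the day's spend strictly exceeds the limit."""
    return daily_total(transactions, day) > limit


def build_sns_message(total_eur, limit=DAILY_LIMIT_EUR, sandbox=True):
    """Return the JSON string SNS expects with MessageStructure='json'.

    SNS wants an object whose keys are protocol names; each value must itself be a
    string, so the APNs payload is JSON-encoded a second time.
    """
    apns = {
        "aps": {
            "alert": {"title": "Spending limit", "body": f"You passed {limit:.0f} EUR today"},
            "content-available": 1,  # wake the app so it can refresh the App Group data
        },
        # Custom key: keep the exact figure out of the lock-screen text; the app reads it
        # from here and writes it to the shared App Group container for the widget.
        "daily_total_eur": round(total_eur, 2),
    }
    platform_key = "APNS_SANDBOX" if sandbox else "APNS"
    return json.dumps({"default": "Spending limit reached", platform_key: json.dumps(apns)})


def decode_sns_message(message):
    """Unpack an envelope produced by build_sns_message: (platform_key, apns_dict)."""
    outer = json.loads(message)
    key = "APNS_SANDBOX" if "APNS_SANDBOX" in outer else "APNS"
    return key, json.loads(outer[key])


def publish_alert(sns, endpoint_arn, total_eur, limit=DAILY_LIMIT_EUR, sandbox=True):
    """sns is a boto3 SNS client; endpoint_arn is the device endpoint under the platform app."""
    return sns.publish(TargetArn=endpoint_arn,
                       Message=build_sns_message(total_eur, limit, sandbox),
                       MessageStructure="json")
```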
Widget Syncing Issue:
iOS heavily sandboxes processes. Even when your app receives the push notification, your Widget cannot read the new data from the app's own container.
To fix this, you must configure an App Group (e.g., group.com.yourcompany.app). This creates a shared storage container that both targets can access. The main app receives the SNS push, writes the new spending limit to the App Group's UserDefaults, and the Widget reloads its timeline reading from that exact same shared space.
Stop managing certificates. Start building scalable infrastructure.