What is VAPID and why is it useful?

Solution 1

The abstract of the VAPID specification explains everything:

An application server can voluntarily identify itself to a push service using the described technique. This identification information can be used by the push service to attribute requests that are made by the same application server to a single entity. This can be used to reduce the secrecy for push subscription URLs by being able to restrict subscriptions to a specific application server. An application server is further able to include additional information that the operator of a push service can use to contact the operator of the application server.

So there are two reasons for VAPID.

The first is to restrict the validity of a subscription to a specific application server (so, by using VAPID, only your server will be able to send notifications to a subscriber).

The second is to add more information to the push notification, so that the push service operator knows who is sending the notifications. If something is going wrong with your notifications, the operator knows who you are and can contact you. Moreover, they can offer you some kind of interface to monitor your push notifications.
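
Added example, not part of either answer and not taken from any push service's code: a sketch of the VAPID scheme (RFC 8292) using Node's built-in crypto, showing how the signed token and public key let a push service restrict a subscription to one application server and read the operator's contact address. The function names are hypothetical, and comparing keys as strings assumes the push service stored the subscription's applicationServerKey in base64url form.

```javascript
// Added example: VAPID (RFC 8292) with Node's built-in crypto; names are illustrative.
const crypto = require('crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');

// Application server: P-256 key pair. The raw public point is what the browser
// passes as applicationServerKey when it subscribes.
function generateVapidKeys() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const { x, y } = publicKey.export({ format: 'jwk' });
  const raw = Buffer.concat([Buffer.from([4]), Buffer.from(x, 'base64url'), Buffer.from(y, 'base64url')]);
  return { privateKey, publicKeyB64: b64u(raw) };
}

// Application server: signed JWT (aud, exp, sub) plus public key for one push request.
function vapidHeader(keys, audience, subject, now = Date.now()) {
  const head = b64u(JSON.stringify({ typ: 'JWT', alg: 'ES256' }));
  const claims = { aud: audience, exp: Math.floor(now / 1000) + 12 * 3600, sub: subject };
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`),
    { key: keys.privateKey, dsaEncoding: 'ieee-p1363' });
  return `vapid t=${head}.${body}.${b64u(sig)}, k=${keys.publicKeyB64}`;
}

// Push service: accept only requests signed by the key the subscription is bound to.
// (Simplified: expects exactly "vapid t=..., k=..." in that order.)
function checkVapid(header, subscriptionKeyB64, ownOrigin, now = Date.now()) {
  const m = /^vapid t=([\w-]+)\.([\w-]+)\.([\w-]+), k=([\w-]+)$/.exec(header);
  if (!m) return { ok: false, reason: 'malformed header' };
  const [, head, body, sig, k] = m;
  if (k !== subscriptionKeyB64) return { ok: false, reason: 'key does not match subscription' };
  const raw = Buffer.from(k, 'base64url');
  if (raw.length !== 65 || raw[0] !== 4) return { ok: false, reason: 'bad public key' };
  const jwk = { kty: 'EC', crv: 'P-256', x: b64u(raw.subarray(1, 33)), y: b64u(raw.subarray(33)) };
  const pub = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  // ES256 is always used here, whatever "alg" the token header claims.
  const valid = crypto.verify('sha256', Buffer.from(`${head}.${body}`),
    { key: pub, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  const secs = now / 1000;
  if (claims.aud !== ownOrigin) return { ok: false, reason: 'wrong audience' };
  if (!(claims.exp > secs && claims.exp <= secs + 24 * 3600)) return { ok: false, reason: 'bad exp' };
  return { ok: true, contact: claims.sub }; // sub is the operator's contact URI; it is not verified
}
```

A request signed with a different key, or one that copies the subscription's public key into `k` without holding the private key, is rejected before the claims are read.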

Solution 2

Your VAPID keys allow your server to send web push messages to browsers without using a service like Firebase Cloud Messaging or AWS.

For example, in Python Django you can use django-webpush:

pip3 install django-webpush

https://pypi.org/project/django-webpush/

Author: mattrick

Updated on October 14, 2020

Comments

  • mattrick over 3 years

    I've just learned about VAPID recently and have been looking around for the reasoning why it exists and what its purpose is. Mozilla's blog post explains that "including VAPID information will let us contact you if we see a problem", but I'm not exactly sure what they mean by this. Are they doing some sort of monitoring to prevent other people from mimicking your service?

  • mattrick over 7 years
    Thanks for the answer! What exactly would a push service be looking for to go wrong when monitoring a subscription?
  • Marco Castelluccio over 7 years
    For example, if you start sending a lot of push notifications, more than usual, because there's a bug in your code, the push service can detect that and let you know.
  • Flimm about 7 years
    Is the email address in the claim ever confirmed? How does Mozilla or Google know that the email address belongs to the person sending the claim?
  • Marco Castelluccio about 7 years
    It doesn't need to be confirmed, if you are using VAPID you are signing your push message, so it was definitely sent by you (unless someone stole your secret key).
  • Alex028502 over 2 years
    I read that too, except that I have sent myself a push notification with no VAPID keys, and no service like Firebase Cloud Messaging or AWS... So I think something might be missing with this comparison.