Menu
I've just learned about VAPID recently and have been looking around for the reasoning why it exists and what its purpose is. Mozilla's blog post explains that "including VAPID information will let us contact you if we see a problem", but I'm not exactly sure what they mean by this. Are they doing some sort of monitoring to prevent other people from mimicking your service?
971
What is VAPID? VAPID, which stands for Voluntary Application Server Identity, is a new way to send and receive website push notifications. Your VAPID keys allow you to send web push campaigns without having to send them through a service like Firebase Cloud Messaging (or FCM).
You'll need to create and provide a public and private key for your server. These keys must be safely stored and should not change. Click 'GENERATE' button to generate VAPID keys and use them to authenticate you. Based on the web-push-libs/web-push-php library.
The “vapid” authentication scheme allows a client to include its an identity in a signed token with requests that it makes. The signature can be used by the push service to attribute requests that are made by the same application server to a single entity.
The FCM Web interface uses Web credentials called "Voluntary Application Server Identification," or "VAPID" keys, to authorize send requests to supported web push services. To subscribe your app to push notifications, you need to associate a pair of keys with your Firebase project.
The abstract of the VAPID specification explains everything:
An application server can voluntarily identify itself to a push service using the described technique. This identification information can be used by the push service to attribute requests that are made by the same application server to a single entity. This can used to reduce the secrecy for push subscription URLs by being able to restrict subscriptions to a specific application server. An application server is further able to include additional information that the operator of a push service can use to contact the operator of the application server.
So there are two reasons for VAPID.
The first is to restrict the validity of a subscription to a specific application server (so, by using VAPID, only your server will be able to send notifications to a subscriber).
The second is to add more information to the push notification, so that the push service operator knows who is sending the notifications. If something is going wrong with your notifications, the operator knows who you are and can contact you. Moreover, they can offer you some kind of interface to monitor your push notifications.
174
Your VAPID keys allow your server to send web push message to browsers without using a service like Firebase Cloud Messaging or AWS.
For Example: Python Django. You can use Django-Webpush
pip3 install django-webpush
https://pypi.org/project/django-webpush/
28
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
