To enable communication between a provider and a device, the Apple Push Notification Service (APNS) must expose port 443. To ensure security, it must also regulate access to this entry point. For this purpose, APNS requires two different levels of trust for providers, devices, and their communications. These are known as connection trust and token trust.
- Connection trust establishes certainty that, on one side, the APNS connection is with an authorized provider with whom Apple has agreed to deliver notifications. On the device side of the connection, APNS must validate that the connection is with a legitimate device.
- Token trust is made possible through the device token. A device token is an opaque identifier of a device that APNS gives to the device when it first connects with it. The device shares the device token with its provider. Thereafter, this token accompanies each notification from the provider. It is the basis for establishing trust that the routing of a particular notification is legitimate. In a metaphorical sense, it has the same function as a phone number, identifying the destination of a communication.
