To enable communication between a provider and a device, the Apple Push Notification Service (APNS) must
expose two standard ports (2195 and 2196). To ensure security, it must also regulate access
to these entry points. For this purpose, APNS requires two different levels of trust for providers,
devices, and their communications. These are known as connection trust and token trust.
- Connection trust establishes certainty that, on one side, the APNS connection is with an
authorized provider with whom Apple has agreed to deliver notifications. On the device side of the
connection, APNS must validate that the connection is with a legitimate device.
- Token trust is made possible through the device token. A device token is an opaque identifier of
a device that APNS gives to the device when it first connects with it. The device shares the device
token with its provider. Thereafter, this token accompanies each notification from the provider.
It is the basis for establishing trust that the routing of a particular notification is legitimate. In a
metaphorical sense, it has the same function as a phone number, identifying the destination of a
communication.