Can you refresh APNS Server Tokens on multiple servers (Dev, UAT, LIVE)

My question has been asked on Apple Developer Forums, but I've seen these sort of APNS push questions left unanswered for four years. I don't have the luxury to wait so I've cross-posted here 🤞

Apple state the following:

Refresh Your Token Regularly. For security, APNs requires you to refresh your token regularly. Refresh your token no more than once every 20 minutes and no less than once every 60 minutes. APNs rejects any request whose token contains a timestamp that is more than one hour old. Similarly, APNs reports an error if you recreate your tokens more than once every 20 minutes. On your provider server, set up a recurring task to recreate your token with a current timestamp. Encrypt the token again and attach it to subsequent notification requests.

We use an Azure Function to send push notifications and a scheduled cron-like function to refresh the APNS server tokens.

I originally had a problem because I didn't use a separate HTTP connection for each team ID, which caused some HTTP 403 InvalidProviderToken errors.

I have multiple environments (Dev, UAT, LIVE) and disabled all but LIVE believing that they could be interfering with each other contributing to the #403 error.

Each environment creates its APNS token every 51 minutes, and each push from that environment uses that token until it is refreshed.

Will Apple only accept the most recent token used in a push and therefore reject any tokens used on other environments until refreshed on that environment?

For example, assuming each server starts up one minute after each other and sends a push every minute after 5 minutes...

T+0:00 - DEV Booted, Refresh DEV Token (Token A)
T+1:00 - UAT Booted, Refresh UAT Token (Token B)
T+2:00 - LIVE Booted, Refresh LIVE Token (Token C)
...
T+5:01 - Push on DEV (Token A)
T+5:02 - Push on UAT (Token B)
T+5:03 - Push on LIVE (Token C)

LIVE will work because it has the latest APNS token (C), but would DEV and UAT be rejected with a 403 because the token isn't the latest, or would all three work because the lease of the token is supposed to last 60 minutes?

In other words, if a push uses a new token, does that invalidate all other tokens?

Very much related: presumably I would then hit 429 TooManyProviderTokenUpdates, as the three environments could start up at the same time and attempt the refresh in the first minute, violating the 'no more than once every 20 minutes' rule?

I believe the Sandbox and LIVE APNS environments are okay to refresh at the same time.

Thanks, Rob.



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow