I am developing an iOS app that uses App Store Server API (v2) for auto-renewable subscriptions. I noticed a discrepancy between the expiration date returned by the API and the date displayed in iPhone Settings > Subscriptions: App Store Server API expiresDate: 2025-09-12T12:10:25 (KST) iOS Settings > Subscriptions: 2025-09-11 (one day earlier) My understanding: The API’s expiresDate is the precise UTC timestamp. The Settings UI might display the "last full calendar day" for UX purposes. Questions: Is this behavior (UI showing one day earlier) an intentional Apple policy? If so, is there any official documentation or guideline explaining this behavior? Should developers always rely on the API’s expiresDate for subscription state management? This discrepancy is confusing for both developers and end users, so any clarification or official reference would be greatly appreciated.

Hello, I am developing a calling service using CallKit and VOIP push. I have occasionally encountered a strange issue. The issue is that VOIP permanently fails to receive calls. I was previously informed that even if the device is blocked, it can receive calls again after 24 hours. Also, when I checked the device logic, it complied with the policy requirements set by Apple, including correctly calling CallKit's reportNewIncomingCall method. Once the issue occurs, no matter how many times I try, VOIP does not receive calls, and neither a device reboot nor checking the Device Console Log shows any logs related to CallKit or VOIP. I suspect this might be an issue with the VOIP token, and I believe that the only way to get a new one is to reinstall the app. Is that correct? Of course, after reinstalling, it works fine again, but this is very inconvenient. I don't think this is the right solution. Is there anyone who can share their insights on this issue? Thank you.

You are probably aware of the upcoming root certificate change for any servers you might have that you use to send push notifications by connection to APNs. If you are not, here is the announcement. We have been getting some questions about this, and understand not everyone is familiar with their server setup. First, we would like to clarify that this is only a change to your server's certificate trust store. You do not need to update anything else, like your APNs push certificates, the build certificates and provisioning profiles for your team/app, and so on. All you need to do is to install the mentioned new root certificate to your push server's trust store. If you are using a 3rd party push provider, it is them who will need to handle their servers. But you may want to double check with them nevertheless. If you are managing your own push servers that connect to APNs directly, then it is your responsibility to download and install the root certificate mentioned in the above link on your server(s). Unfortunately we cannot provide specific instructions on how to install this root certificate on every kind of server out there. Each server operating system/push server software will have different ways these root certificates are installed, which is out of scope of our support abilities. If you are not sure how to do this, I would recommend you seek help for this from your server-side developers or server admins. Or, if you don't have access to such resources, you can ask the support channels for your system the question: How do I install a root certificate? We have setup a test server at 17.188.143.34:443 that you can use to try and send pushes to test whether your new root certificate is correctly installed. An alternative way to test this would be, from a terminal prompt: openssl s_client -connect 17.188.143.34:443 -servername api.sandbox.push.apple.com -verifyCAfile USERTrustRSACertificationAuthority.crt -showcerts Change the parameter to the -verifyCAfile argument to point to your trust store, and it should allow you to validate Sample return results would be: Connecting to 17.188.143.34 CONNECTED(00000003) depth=2 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority verify return:1 depth=1 CN=Apple Public Server RSA CA 11 - G1, O=Apple Inc., ST=California, C=US verify return:1 depth=0 C=US, ST=California, O=Apple Inc., CN=api.sandbox.push.apple.com verify return:1 Argun Tekant /  DTS Engineer / Core Technologies

I wanted to know if Apple ever supported displaying a red dot on notificationswith no indication number.

Hi Apple team and fellow developers, We previously had Location Push Service Extension enabled and working in production. After transferring the app to a new Apple Developer team, the production App ID was transferred, but the Location Push entitlement was not retained. We've also created a new App ID for development, and now need Location Push access enabled for both the transferred production ID and the new development ID. We’ve already submitted the Location Push Access form with all relevant details. Unfortunately, the App Transfer documentation didn’t make it clear that Location Push access would be lost, and now we’re blocked from making new builds — even for the existing production app. ❓ Questions: Is it possible to re-enable Location Push for a transferred App ID? What’s the expected timeline for entitlement approval? Can Apple staff confirm the request status or let us know if any further action is needed? Thanks in advance — this entitlement is critical for our app’s functionality and release pipeline. Best, Aidar

We’re sending PTT notifications from our server and are receiving HTTP 403 from APNs for certain phones with the reason field BadEnvironmentKeyInToken. I can’t find this reason documented in Apple’s public error list. I’d like to confirm what this error specifically means and how to resolve it. Any guidance or clarification would be greatly appreciated. Thank you. Here is the document I was referring to. https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/CommunicatingwithAPNs.html

I’m building a standalone Apple Watch smart alarm app that should trigger alarms on the watch in response to Bluetooth or internet events. This means the app operates in the background and attempts to trigger an alarm when such an event occurs. As far as I know, the appropriate API for this is WKExtendedRuntimeSession.notifyUserWithHaptic:repeatHandler. However, I can’t seem to start an extended runtime session while the app is in the background. I’m getting the following error: -[WKExtendedRuntimeSession _invalidationReasonAndDelegateCallbackErrorForError:outCallbackError:]:729: WKExtendedRuntimeSession hit internal error. Error Domain=com.apple.CarouselServices.SessionErrorDomain Code=17 "startSession cannot be called on a scheduled session" UserInfo={NSLocalizedDescription=startSession cannot be called on a scheduled session} Calling notifyUserWithHaptic directly also similarly fails. It seems notifyUserWithHaptic is intended to be scheduled during a foreground session to trigger at a later time, rather than being called ad hoc from a background context. Is there any way to create a proper alarm view on the Apple Watch from a background execution context?

Is it possible to display a live activity on the lock-screen without a dynamic island? Or at least without expanding the dynamic island more than just for a small icon? struct SomeWidgetLiveActivity: Widget { var body: some WidgetConfiguration { ActivityConfiguration(for: SomeAttributes.self) { context in } dynamicIsland: { context in DynamicIsland { DynamicIslandExpandedRegion(.leading) { // Seems to be mandatory, any way around it? } } compactLeading: { } compactTrailing: { } minimal: { } } I couldn't quite find a way. Thank you

Is there a public method to know when an APNS has appeared on the screen? wrapping up a very high end photogrammetry app, using the front facing camera and screen illumination- incoming notifications completely throw off the math. Ideally, it would be great to turn on Do Not Disturb for the short process, but we’d settle for just the detection of the notification banner. also: extra credit - programattically adjusting Auto Dimming, and True Tone would be lovely too.

Hello, I'am trying to validate a new app from apple. I have configured sandbox url and production url for server to server apple store notification. I have created subscriptions product id, but there are no validated yet by apple. When I upload my app to testflight, I can't test sandbox notification cause the product id are not available, on local xcode with storekit file I got my product Id but I don't receive notification. So my question is how can I test there thing. I have to produce fake product id ? I'm lock its very complex process, I don't understand. I tried to send my app like that for verification but the team told me to use receipt, but its deprecated and notification webhook is better for me. What is the good order, validate my subscription product ID then test ? what is the good steps. Apple seems to don't want validate my subscription product ID I'm lock..

I’m getting calls from Pakistan every hour. I cant block them because it’s a different number every time. I have downloaded the new beta version of the upcoming software update and it allows you to set to ask a question before unknown callers ring through. It’s not working and my phone is constantly ringing. I can’t block unknown callers as I use my phone for work. How can I silence ringing from calls specifically from Pakistan Using the country code?

Hi, We are using Firebase to configure APNs (Apple Push Notification Service) for sending push notifications. During local testing, the push notifications are received properly when the app is in the foreground or background. After TestFlight testing and passing review, we found that when the app is installed using the developer's Apple ID, push notifications are received correctly whether the app is in the foreground or background. However, when the app is provided to other testers (using non-developer Apple IDs), notifications are only received when the app is in the foreground, and they are not triggered when the app is in the background or inactive state. Request for Assistance: Why, after TestFlight testing and passing review, does the app receive push notifications properly in the background when installed using the developer's Apple ID, but on other testers' devices, notifications are not received when the app is in the background? Are there any differences in Apple ID types or device configurations (developer ID vs. regular tester ID) that could affect the behavior of push notifications in the background mode? Do we need to apply any additional settings or permissions, particularly for handling background push notifications? Are there any iOS version or device-specific limitations that could impact the proper delivery of background push notifications? Additional Information: The app is properly configured for APNs, and push notifications are being sent via Firebase. In the developer's Apple ID test environment, the app receives push notifications properly whether it is in the foreground or background. On other testers' devices, push notifications are only received when the app is in the foreground, and they are not received when the app is in the background. All test devices have been verified to have notification permissions enabled, and Firebase configuration is correct.

self.pushRegistry = [[PKPushRegistry alloc] initWithQueue:dispatch_get_main_queue()]; self.pushRegistry.delegate = self; self.pushRegistry.desiredPushTypes = [NSSet setWithObject:PKPushTypeVoIP]; //处理接收到的VoIP推送 (void)pushRegistry:(PKPushRegistry *)registry didReceiveIncomingPushWithPayload:(PKPushPayload *)payload forType:(PKPushType)type withCompletionHandler:(void(^)(void))completion then we send message from our server or from apple's cloud service: https://icloud.developer.apple.com/dashboard/notifications website services: when app is in foreground,withCompletionHandler wil be called correctly,but when app is in background or has killed ,withCompletionHandler not be called!!! the background fetch、voice over ip is checked in signing & capabilities tabs why?why?why?why?why?why?why?why?why?

I’m building a firefighter app that needs to automatically check in a firefighter when they arrive at the station and check them out when they leave — even if the app is killed. We need reliable enter/exit detection, low latency, and only one fixed location per user. We’re evaluating Region Monitoring, which works in the killed state but may introduce delays and inconsistent accuracy. To ensure mission-critical reliability, we are considering the Location Push Service Extension, since it can fetch precise location on demand and wake the extension even when the app is terminated. Before requesting the restricted entitlement, we need clarification on Apple’s expectations: Is Region Monitoring recommended for this fixed-location use case? Would Apple consider approving the Location Push Service Extension for a public-safety workflow? What prerequisites do we need before submitting the entitlement request (Always permission, prototype, privacy disclosures, etc.)? What details should be included in the justification form? Our goal is to follow the most reliable and Apple-approved approach for firefighter check-in/out. Any guidance would be greatly appreciated.

When subscription renewing , can do purchase_date faster than notification_date quickly? I received my app user purchase notification this purchase date is 2025-08-31 06:42:54(UTC) but notification date is 2025-08-30 22:45:01(UTC) how can you do this? I can't understand it please let me explain

We integrated App Store Server notification, to get notified about CONSUMPTION_REQUESTS and REFUND notifications. In the data, we noticed same transactionId have multiple REFUND decisions, usually REFUND_DECLINED and then REFUND. Why is that? Did user contact customer support ? For the second (or later) REFUND decision, CONSUMPTION_REQUEST notifications are usually not sent, but thats not always the case. Sometimes, REFUND decision are the same. Sometimes, we get even 3 or more REFUND related notifications for same transactionId, e.g: 2024-12-02: REFUND_DECLINED 2024-12-05: REFUND_DECLINED 2024-12-12: REFUND Do user request refund again ? Do they contact customer support ? But I can not explain why sometimes status it REFUND at first, but then later REFUND_DECLINED. Thank you already in advance:)

sending the following POST request: ---- HTTP REQUEST ---- POST https://appleid.apple.com/auth/token Headers: Content-Type: application/x-www-form-urlencoded Body: client_id=au.com.thejlrguy.businesschat&client_secret=eyJhbGciOiJFUzI1NiIsImtpZCI6IktLUDc4MkhGVTcifQ.eyJ...QeDn7ug&grant_type=client_credentials&scope=https%3A%2F%2Fappleid.apple.com Getting the below error: {"error":"invalid_client"} The private key used to sign the JWT was created 24 hours ago.

Hi Team, We are building oru subscrption app and want to rely on server side purchase / subscription related notifications. We went through https://developer.apple.com/documentation/appstoreservernotifications/enabling-app-store-server-notifications We wanted to understand the reliability and latency for server side notifciations provided by Appstore.

Problem We have successfully set up push notifications using Apple APN service, that is push notifications work when using a token generated using the JSON Web Token Generator in the Push Notification console. However, we get an "InvalidProviderToken" error when creating using our own token using the following code. The Key and TeamID is definitely correct (obviously, censored in the below code). When pasting our token in the JSON Web Token Validator in the Push Notification console we get the error „Invalid signing key“. We merely pasted our secret key in our setNewTokenIfNeeded code, separated on four lines using the “““ style. Does anyone know why this error happens? Given that it works when we upload our .p8 file to the JSON Web Token Generator and we simply paste the text of this file (excluding the lines with "-----BEGIN/END PRIVATE KEY-----") I guess our secret key is correct? Code to generate token fileprivate var currentToken: String? fileprivate var currentTokenCreateTime: Date? fileprivate func setNewTokenIfNeeded() { // Ensure, token is at least 20 minutes but at most 60 minutes old if let currentTokenCreateTime = currentTokenCreateTime { let ageOfTokenInSeconds = abs(Int(currentTokenCreateTime.timeIntervalSinceNow)) NSLog("Age of token: \(Int(ageOfTokenInSeconds / 60)) minutes.") if ageOfTokenInSeconds <= 20 * 60 { return } } // Generate new token NSLog("Renewing token.") let secret = """ ABCABCABCABCABCABCABCABCABCABCABCABC+ABCABC+ABCABCABC+ABCABCAB/+ ABCABCABCABCABCABCABCABCABCABCABCABC+ABCABC+ABCABCABC+ABCABCAB/+ ABCABCABCABCABCABCABCABCABCABCABCABC+ABCABC+ABCABCABC+ABCABCAB/+ ABCABCAB """ let privateKey = SymmetricKey(data: Data(secret.utf8)) let headerJSONData = try! JSONEncoder().encode(Header()) let headerBase64String = headerJSONData.urlSafeBase64EncodedString() let payloadJSONData = try! JSONEncoder().encode(Payload()) let payloadBase64String = payloadJSONData.urlSafeBase64EncodedString() let toSign = Data((headerBase64String + "." + payloadBase64String).utf8) let signature = HMAC<SHA256>.authenticationCode(for: toSign, using: privateKey) let signatureBase64String = Data(signature).urlSafeBase64EncodedString() let token = [headerBase64String, payloadBase64String, signatureBase64String].joined(separator: ".") currentToken = token currentTokenCreateTime = Date() } fileprivate struct Header: Encodable { let alg = "ES256" let kid: String = "ABCABCABC" // Key (censored here) } fileprivate struct Payload: Encodable { let iss: String = "ABCABCABC" // Team-ID (censored here) let iat: Int = Int(Date().timeIntervalSince1970) } extension Data { func urlSafeBase64EncodedString() -> String { return base64EncodedString() .replacingOccurrences(of: "+", with: "-") .replacingOccurrences(of: "/", with: "_") .replacingOccurrences(of: "=", with: "") } } Code to send the push notification func SendPushNotification(category: ConversationCategory, conversationID: UUID, title: String, subTitle: String?, body: String, devicesToSendTo: [String]) { // Für alle Felder s. https://developer.apple.com/documentation/usernotifications/generating-a-remote-notification let payload = [ "aps": [ "alert": [ "title": title, "subtitle" : subTitle ?? "", "body": body ], "category" : category.rawValue, "mutable-content": 1 ], "conversationID": conversationID.uuidString ] as [String : Any] // Ggf. Token setzen setNewTokenIfNeeded() guard let currentToken = currentToken else { NSLog("Token not initialized.") return } NSLog(currentToken) // Notification an alle angegebenen Devices schicken let bundleID = "com.TEAMID.APPNAME" for curDeviceID in devicesToSendTo { NSLog("Sending push notification to device with ID \(curDeviceID).") let apnServerURL = "https://api.sandbox.push.apple.com:443/3/device/\(curDeviceID)" var request = URLRequest(url: URL(string: apnServerURL)!) request.httpMethod = "POST" request.allHTTPHeaderFields = [ "authorization": "bearer " + currentToken, "apns-id": UUID().uuidString, "apns-topic": bundleID, "apns-priority": "10", "apns-expiration": "0" ] request.httpBody = try! JSONSerialization.data(withJSONObject: payload, options: .prettyPrinted) URLSession(configuration: .ephemeral).dataTask(with: request) { data, response, error in if let error = error { NSLog(error.localizedDescription) } if let data = data { NSLog(String(data: data, encoding: .utf8)!) } }.resume() } } On a similar note, some people seem to encounter this error when using the prettyPrinted option for the JSON serialization (i.e., in request.httpBody = try! JSONSerialization.data(withJSONObject: payload, options: .prettyPrinted). Could this be the culprit, given our secret key contains „/„ and „+“? Many thanks!

Team-scoped keys introduce the ability to restrict your token authentication keys to either development or production environments. Topic-specific keys in addition to environment isolation allow you to associate each key with a specific Bundle ID streamlining key management. For detailed instructions on accessing these features, read our updated documentation on establishing a token-based connection to APNs.