Windows Push Notification Services (WNS) overview (Windows Runtime apps)

Applies to Windows and Windows Phone

The Windows Push Notification Services (WNS) enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.

How it works

The following diagram shows the complete data flow involved in sending a push notification. It involves these steps:

  1. Your app sends a request for a push notification channel to the Notification Client Platform.
  2. The Notification Client Platform asks WNS to create a notification channel. This channel is returned to the calling device in the form of a Uniform Resource Identifier (URI).
  3. The notification channel URI is returned by Windows to your app.
  4. Your app sends the URI to your own cloud service. This callback mechanism is an interface between your own app and your own service. It is your responsibility to implement this callback with safe and secure web standards.
  5. When your cloud service has an update to send, it notifies WNS using the channel URI. This is done by issuing an HTTP POST request, including the notification payload, over Secure Sockets Layer (SSL). This step requires authentication.
  6. WNS receives the request and routes the notification to the appropriate device.

Push notification registration, authentication, and data flow

Registering your app and receiving the credentials for your cloud service

Before you can send notifications using WNS, your app must be registered with the Windows Store Dashboard. This will provide you with credentials for your app that your cloud service will use in authenticating with WNS. These credentials consist of a Package Security Identifier (SID) and a secret key. To perform this registration, go the the Windows Dev Center and select Dashboard.

Each app has its own set of credentials for its cloud service. These credentials cannot be used to send notifications to any other app.

For more details on how to register your app, please see How to authenticate with the Windows Notification Service (WNS).

Requesting a notification channel

When an app that is capable of receiving push notifications runs, it must first request a notification channel through the CreatePushNotificationChannelForApplicationAsync. For a full discussion and example code, see How to request, create, and save a notification channel. This API returns a channel URI that is uniquely linked to the calling application and its tile, and through which all notification types can be sent.

After the app has successfully created a channel URI, it sends it to its cloud service, together with any app-specific metadata that should be associated with this URI.

Important notes

  • We do not guarantee that the notification channel URI for an app will always remain the same. We advise that the app requests a new channel every time it runs and updates its service when the URI changes. The developer should never modify the channel URI and should consider it as a black-box string. At this time, channel URIs expire after 30 days. Apps that will periodically renew their channel in the background can follow the pattern demonstrated in the Push and periodic notifications sample.
  • The interface between the Windows Store app and the cloud service is implemented by you, the developer. We recommend that the app go through an authentication process with its own service and transmit data over a secure protocol such as HTTPS.
  • It is important that the cloud service always ensures that the channel URI uses the domain "notify.windows.com". The service should never push notifications to a channel on any other domain. If the callback for your app is ever compromised, a malicious attacker could submit a channel URI to spoof WNS. Without inspecting the domain, your cloud service could be potentially disclose information to this attacker unknowingly.
  • If your cloud service attempts to deliver a notification to an expired channel, WNS will return response code 410. In response to that code, your service should no longer attempt to send notifications to that URI.

Authenticating your cloud service

To send a notification, the cloud service must be authenticated through WNS. The first step in this process occurs when you register your app with the Windows Store Dashboard. During the registration process, your app is given a Package security identifier (SID) and a secret key. This information is used by your cloud service to authenticate with WNS.

The WNS authentication scheme is implemented using the client credentials profile from the OAuth 2.0 protocol. The cloud service authenticates with WNS by providing its credentials (Package SID and secret key). In return, it receives an access token. This access token allows a cloud service to send a notification. The token is required with every notification request sent to the WNS.

At a high level, the information chain is as follows:

  1. The cloud service sends its credentials to WNS over HTTPS following the OAuth 2.0 protocol. This authenticates the service with WNS.
  2. WNS returns an access token if the authentication was successful. This access token is used in all subsequent notification requests until it expires.

Cloud service to WNS communication

In the authentication with WNS, the cloud service submits an HTTP request over Secure Sockets Layer (SSL). The parameters are supplied in the "application/x-www-for-urlencoded" format. Supply your Package SID in the "client_id" field and your secret key in the "client_secret" field. For syntax details, see the access token request reference.

Note  This is just an example, not cut-and-paste code that you can successfully use in your own code.


 POST /accesstoken.srf HTTP/1.1
 Content-Type: application/x-www-form-urlencoded
 Host: https://login.live.com
 Content-Length: 211
 
 grant_type=client_credentials&client_id=ms-app%3a%2f%2fS-1-15-2-2972962901-2322836549-3722629029-1345238579-3987825745-2155616079-650196962&client_secret=Vex8L9WOFZuj95euaLrvSH7XyoDhLJc7&scope=notify.windows.com

The WNS authenticates the cloud service and, if successful, sends a response of "200 OK". The access token is returned in the parameters included in the body of the HTTP response, using the "application/json" media type. After your service has received the access token, you are ready to send notifications.

The following example shows a successful authentication response, including the access token. For syntax details, see Push notification service request and response headers.


 HTTP/1.1 200 OK   
 Cache-Control: no-store
 Content-Length: 422
 Content-Type: application/json
 
 {
     "access_token":"EgAcAQMAAAAALYAAY/c+Huwi3Fv4Ck10UrKNmtxRO6Njk2MgA=", 
     "token_type":"bearer"
 }

Important notes

  • The OAuth 2.0 protocol supported in this procedure follows draft version V16.
  • The OAuth Request for Comments (RFC) uses the term "client" to refer to the cloud service.
  • There might be changes to this procedure when the OAuth draft is finalized.
  • The access token can be reused for multiple notification requests. This allows the cloud service to authenticate just once to send many notifications. However, when the access token expires, the cloud service must authenticate again to receive a new access token.

Sending a notification

Using the channel URI, the cloud service can send a notification whenever it has an update for the user.

The access token described above can be reused for multiple notification requests; the cloud server is not required to request a new access token for every notification. If the access token has expired, the notification request will return an error. We recommended that you do not try resending your notification more than once if the access token is rejected. If you encounter this error, you will need to request a new access token and resend the notification. For the exact error code, see Push notification response codes.

  1. The cloud service makes an HTTP POST to the channel URI. This request must be made over SSL and contains the necessary headers and the notification payload. The authorization header must include the acquired access token for authorization.

    An example request is shown here. For syntax details, see Push notification response codes.

    For details on composing the notification payload, see Quickstart: Sending a push notification. The payload of a tile, toast, or badge push notification is supplied as XML content that adheres to their respective defined schemas. The payload of a raw notification does not have a specified structure. It is strictly app-defined.

    
     POST https://cloud.notify.windows.com/?token=AQE%bU%2fSjZOCvRjjpILow%3d%3d HTTP/1.1
     Content-Type: text/xml
     X-WNS-Type: wns/tile
     Authorization: Bearer EgAcAQMAAAAALYAAY/c+Huwi3Fv4Ck10UrKNmtxRO6Njk2MgA=
     Host: cloud.notify.windows.com
     Content-Length: 24
    
     <body>
     ....
    
  2. WNS responds to indicate that the notification has been received and will be delivered at the next available opportunity. However, WNS does not provide end-to-end confirmation that your notification has been received by the device or application.

The following image illustrates this data flow.

Cloud service to WNS communication

Important notes

  • WNS does not guarantee the reliability or latency of a notification.
  • Notifications should never include confidential or sensitive data.
  • To send a notification, the cloud service must first authenticate with WNS and receive an access token.
  • An access token allows a cloud service to send notifications to only the single app that the token was created for. One access token cannot be used to send notifications across multiple apps. Therefore, if your cloud service supports multiple apps, it must provide the correct access token for the app when pushing a notification to each channel URI.
  • When the device is offline, by default WNS will store up to five tile notifications (if queuing is enabled; otherwise, one tile notification) and one badge notification for each channel URI, and no raw notifications. This default caching behavior can be changed through the X-WNS-Cache-Policy header. Note that toast notifications are never stored when the device is offline.
  • In scenarios where the notification content is personalized to the user, WNS recommends that the cloud service send those updates immediately when they are received. Examples of this scenario include social media feed updates, instant communication invitations, new message notification, or alerts. Alternatively, you can have scenarios where the same generic update is frequently delivered to a large subset of your users; for example, weather, stock, and news updates. WNS guidelines specify that the frequency of these updates should be at most one every 30 minutes. The end user or WNS may determine more frequent routine updates to be abusive.

Expiration of tile and badge notifications

By default, tile and badge notifications expire three days from the time they are downloaded. When a notification expires, the content is removed from the tile or queue and is no longer shown to the user. It is a best practice to set an expiration on all tile and badge notifications, using a time that makes sense for your app, to ensure that your tile's content does not persist longer than it is relevant. An explicit expiration time is essential for content with a defined lifespan. It also assures the removal of stale content if your cloud service stops sending notifications, or if the user disconnects from the network for an extended period of time.

Your cloud service can set an expiration for each notification by setting the X-WNS-Expires HTTP header to specify the time (in seconds) that your notification will remain valid after it is sent. For more information, see Push notification service request and response headers.

For example, during a stock market's active trading day, you can set the expiration for a stock price update to twice that of your sending interval (such as one hour after receipt if you are sending notifications every half-hour). As another example, a news app might determine that one day is an appropriate expiration time for a daily news tile update.

Related topics

Push and periodic notifications sample
Quickstart: Sending a push notification
How to update a badge through push notifications
How to request, create, and save a notification channel
How to intercept notifications for running applications
How to authenticate with the Windows Push Notification Service (WNS)
Push notification service request and response headers
Guidelines and checklist for push notifications
Raw notifications

 

 

Show:
© 2014 Microsoft