Push Setup (APNs + FCM)
Configure APNs keys and FCM service-account credentials so Amba can deliver notifications to your users' devices.
Amba stores your APNs and FCM credentials encrypted, then loads them at send time. You configure them once per project; the rest is automatic.
What you need
iOS (APNs)
- An APNs Auth Key (
.p8) from Apple Developer → Keys → +, scope Apple Push Notifications service. - The key's Key ID (10 characters, shown next to the key).
- Your Team ID (top right of Apple Developer).
- The app's bundle identifier (e.g.
com.example.todoapp).
Android (FCM)
- A Firebase project linked to your app's package name.
- A service-account JSON with the
Firebase Cloud Messaging APIpermission (Firebase console → Project settings → Service accounts → Generate new private key).
Configure via MCP (recommended)
Configure via the Admin API
Use "environment": "sandbox" for development / TestFlight / Xcode builds, and "production" for App Store releases. The server rejects sandbox tokens against the production APNs endpoint (and vice versa), so this flag matters. "development" is accepted as an alias for "sandbox".
Config fields
These are the only fields each provider accepts — the same names whether you call MCP or the Admin API.
APNs
| Field | Required | Notes |
|---|---|---|
key_id | yes | 10-char Apple Key ID. |
team_id | yes | 10-char Apple Team ID. |
bundle_id | yes | Your app's bundle identifier. |
environment | yes | "sandbox" or "production" ("development" → "sandbox"). |
apns_key_p8 | yes* | Full .p8 file contents. Stored as an encrypted secret; never returned. |
FCM
| Field | Required | Notes |
|---|---|---|
service_account_json | yes* | Full service-account JSON (string or object). The FCM project id is read from it. Stored as an encrypted secret; never returned. |
* Pasting the credential inline is the recommended path — Amba stores it as an encrypted secret automatically. If you'd rather manage the secret yourself, set it first with amba_secrets_set and reference it instead: APNs accepts apns_key_secret_name (with key_id, team_id, bundle_id, environment); FCM accepts fcm_service_account_secret_name together with fcm_project_id. The credential material itself is never stored in the integration config either way.
Verify credentials
Once stored, trigger a POST /admin/integrations/:provider/test to validate credentials against the live provider before you try a real send:
Response on success:
For APNs and FCM the test path deliberately sends to an invalid token — a 400-class response proves the credentials themselves are good. A 401 / 403 from the provider surfaces as { valid: false }. An infra-level failure (malformed PEM, credential load error) returns 502 CREDENTIAL_LOAD_FAILED so you can tell a bad key from a bad environment.
Register device tokens
Tokens come from the platform SDK. In Expo:
Under the hood the client SDK calls:
Platform must be 'ios' or 'android'. The server infers the provider (apns / fcm) from the platform.
Send a test push
End-to-end validation — this sends a real notification through the same pipeline campaigns use.
Or target an explicit token:
On success you get { data: { sent: true, delivery_id, provider, provider_message_id } }. Provider-side failures surface as 502 with error.details.invalid_token so you can mark dead tokens.
Expo config plugin
You also need the iOS aps-environment entitlement. The @layers/amba-expo config plugin handles it:
Rebuild native after changing app.json (npx expo prebuild or npx expo run:ios). Push on iOS requires a development build — Expo Go cannot add custom entitlements.
Routes reference
| Method | Path | Description |
|---|---|---|
POST | /admin/integrations | Create / upsert APNs or FCM credentials |
GET | /admin/integrations | List configured integrations |
PATCH | /admin/integrations/:provider | Update config or toggle is_active |
POST | /admin/integrations/:provider/test | Validate credentials against the provider |
POST | /admin/push/test | One-off test push through the real stack |
POST | /client/push/tokens | SDK-side token registration |
Next
- Campaigns — create + send targeted pushes.
- Payload contract — exactly what arrives on the device, per platform.
- Scheduling — cron, delay, and delivery windows.