To send push notifications to iOS apps, an authenticated connection to Apple Push Notification Services (APNs) is required. You can authenticate using a token-based (.p8 key) or a certificate-based (.p12 file) method — but only one is necessary.

This guide will walk you through setting up a token-based .p8 key, the recommended approach.

Requirements

Make sure you have the following before starting:

• An iOS mobile app.
• A Paid Apple Developer Account with Admin access.
• A OneSignal Account.
• A mac with Xcode 14+.
• An Xcode project with Push Notification capability enabled.

Generate your .p8 key in Apple Developer Account

1. Log into your Apple Developer Account.
2. Go to Certificates, Identifiers & Profiles > Keys.
3. Click the blue plus (+) icon.
   • If you don’t see it, contact your Admin for access.

4. Select Apple Push Notifications service (APNs).
5. Enter a name for the key and click Continue, then Register.

6. Download your .p8 key and store it securely. You won’t be able to download it again.

⚠️

Apple only allows 2 active .p8 keys per developer account.

If you need to create a new .p8 and already have two, you must first revoke one of the existing keys — and it will no longer be usable.

Upload the .p8 key to OneSignal

1. Navigate to Settings > Push & In-App > Apple iOS (APNs) Settings in your OneSignal dashboard.

2. Choose .p8 Auth Key (Recommended) as the authentication method.

Provide the following:

• .p8 File – The private key file you downloaded from your Apple Developer account.
• Key ID – Located in the Keys section of your Apple Developer account. Make sure it matches the downloaded .p8 file.
• Team ID – Found in the top-right corner of your Apple Developer account.
• App Bundle ID – You can find this:
  • In the Identifiers section, or
  • In Xcode > Main App Target > Signing & Capabilities

Click Save & Continue when done.

✅

Success!

You’ve successfully set up APNs authentication using a .p8 key in OneSignal.

Your iOS app is now ready to send and receive push notifications! 🎉

.p8 troubleshooting

Step-by-step checklist:

1. Check .p8 File Format

   • Open the .p8 file in a text editor.

   • It should look like this:

     Text

     -----BEGIN PRIVATE KEY-----
     64 character line
     64 character line
     64 character line
     8 character line
     -----END PRIVATE KEY-----
     

2. Ensure You Didn’t Upload a .p12 by Mistake

   • .p8 keys come from the Keys section of your Apple Developer account.
   • .p12 certificates are from the Certificates section. These are not compatible with .p8 authentication.

3. Confirm You Have the Correct Key ID

   • Go to your Apple Developer > Keys section.
   • Match the Key ID you entered in OneSignal with the one listed for the downloaded .p8 key.

4. Verify the Team ID

   • Your Team ID appears in the top-right corner of your Apple Developer account.
   • Make sure it is copied exactly and matches the account where the key was generated.

5. Ensure the Key Has APNs Capability

   • When viewing your key in Apple Developer, the Apple Push Notifications service (APNs) capability should be listed.
   • If not, revoke the key and create a new one.

6. Wait a Few Minutes

   • Newly created keys may take 10–15 minutes to propagate before Apple allows external authentication.
   • If you get validation errors immediately after creation, wait and try again.

When all else fails

• Revoke the current .p8 key and create a new one from scratch.
• Double-check you’re using a valid Bundle ID from the same account the key was created under.
• Reach out to OneSignal Support with the Key ID, Team ID, Bundle ID, and a redacted screenshot of your Apple Developer Key configuration.

FAQ

Do I need a provisioning profile and how to create it?

Yes, Apple requires different types of profiles for development, testing (Ad Hoc), and distribution to the App Store.

In Xcode, you should be able to select Automatically manage signing to create one automatically.

Otherwise, see Apple's docs on provisioning profiles for details.