How to generate authentication token/Notification Certificate in AppStore connect for send push notification?

Achsuthan Mahendran
6 min readJun 21, 2022

This is another article in push notification series. This article is going to explain how to generate the authentication token/ Notification certificate in AppStore connect to send the push notification.

Export authentication token/certificate

What is an authentication token/ Notification certificate?

Both are used to verify the server with apple that you are the only one sending the push notification. Both can be generated from the AppStore connect.

The authentication token is called as .P8 file

Notification certificate is .P12 file

Only the one option is used to send the push notification(P12/P8)

What is the difference between P12 and P8 formats?

P12 format is initially used and still, people are using this, this has some pros and cons


  1. Only valid for one year, every year need to get a new certificate
  2. Need production and development tokens separately
  3. Each app needs to have its P12 certificate


To resolve the P12 issue, Apple has introduced the P8 token which contains,

  1. P8 key is one time we don’t need to renew the key every year
  2. There is no production and development token separately
  3. One token can be used for all the apps inside the same developer account.

This article is going to explain how P12 and P8 certificates can be generated from AppStore.

Let’s Start with P12 certificate and create the process

In the first part, I’ll give you the steps on how can we get the P12 certificate

Step 1

Go to the developer page and log in with your credentials.

Step 2

Please make sure you are in the correct team, and then click the certificate, IDs & profiles

Select the certificate, IDs & Profiles

Step 3

Once you click the certificates, IDs & Profiles, it will navigate to that respective page, select the Identifiers and search the project’s identifier which you created earlier, and then select that identifier.

Select project identifer

If you want to checkout the article how to setup iOS app receive push notification, go through my other article.

Step 4

Once you select the identifier and scroll it all the way to down until you see the push notification and then click the configure button

Configure push notification

Step 5

App will give both development and production certificate, So that we will be having two different certificate the development can be used for the sandbox and and production can be used for actual AppStore builds.

Select the certificate type

Step 6

Before click the create certificate, open the Keychain in your mac and Keychain Access -> Certificate Assistant -> Request a certificate from a Certificate Authority. Fill all the information and save it in your local disk.

certificate creation

Step 7

Once the step 6 done, go the apple developer account now click the create certificate button. from that page chose the file and upload the file you exported in the previous section. Once you uploaded, click the continue button.

Upload certificate

Step 8

You should be able to download the certificate which will be end with .cer. As you can see this certificate is only valid for 1 year.

Why the certificate is .cert 🤔 I should see P12 file right!!!!. Wait Wait…. We do have another few steps to create the P12 file 😅

Step 9

Double click the file you download from the developer account which will be added to the Keychain. Search your file and right click and export the file, which ask a password to protect the P12 file, enter a strong password, you should be able to get the P12 file now 🤓

When you try to export the file, which will ask your system password, enter your system password and click always allow.

Getting P12 file from Keychain

It’s a lengthy steps I know but that’s how you can create the P12 file. Let’s move to the P8 process.

P8 token creation process

Step 1

Go to the developer page and log in with your credentials.

Step 2

Please make sure you are in the correct team, and then select click the certificate, IDs & profiles

Select the certificate, IDs & Profiles

Step 3

Click the keys and press the plus button which bring to another page to create the key.

Step 4

Enter the unique name and select the Apple Push Notification Service(APNS) and click the Continue button. then the .P8 file and the a 10-character string with the Key ID also will be provided. For me since I’ve already created keys so it’s not allow me to create the new Key ID.

The important point to take note of ⚠️

  1. Please keep P12, P8 and Key ID in a secure place, if any of the people can steal them, they can use them to communicate with APNS.
  2. When you enter the password for P12 certificate export in the final step, please give the strong password as much as possible.
  3. If you are planning to work with P12 certificate, please do the sandbox and production certificate separately. This way you can test any features before deploying to bring the app to production.
  4. Don’t use both certificate, plan your project and use either one option(P12/P8)


We have done the exporting of the token and certificate. but if you do the P8 file don’t do the P12 option since the P8 have more advantages than P12.

Where to go from here, From the next article, we can learn how to use this token/certificate to send push notifications using GitHub open source app. Please checkout the article.

Please add your comments, which helps me to improve my writing and correct my mistakes. Don’t forget to give some claps 👏 that’s only kind of a coffee for writing more articles.

Happy coding………… Se ya in the next article.



Achsuthan Mahendran

iOS Developer, Web Developer, Flutter Developer. GitHub: achsuthan