Mobile push notifications#

A push proxy is a key technology behind notification transmission that enables notifications between the server and a Mobile app. See our Mobile Apps FAQ documentation to learn more about how push notifications work.

Mattermost offers a Mattermost Push Notification Service (MPNS) for Team Edition, Cloud, and Enterprise deployments.

Test Push Notifications Service (TPNS)#

plans-img Available on all plans

deployment-img self-hosted deployments

Self-hosted customers can use Mattermost’s free, basic Test Push Notifications Service (TPNS).

Note

  • The TPNS isn’t recommended for use in production environments, and doesn’t offer production-level update service level agreements (SLAs).

  • The TPNS isn’t available for Mattermost Cloud deployments.

Enable TPNS#

To use the Mattermost TPNS, go to System Console > Environment > Push Notification Server > Enable Push Notifications, then select Use TPNS connection to send notifications to iOS and Android apps.

See our Testing Push Notifications documentation to learn more about testing mobile push notifications.

Note

  • The TPNS only works with the pre-built mobile apps that Mattermost deploys through the Apple App Store and Google Play Store. If you have built your own mobile apps, you must also host your own Mattermost push proxy service.

  • You must ensure that the push proxy can be reached on the correct port. For TPNS, it’s port 80 from the Mattermost server.

Hosted Push Notifications Service (HPNS)#

plans-img Available on Enterprise and Professional plans

deployment-img Cloud and self-hosted deployments

Mattermost Enterprise, Professional, and Cloud customers can use Mattermost’s Hosted Push Notification Service (HPNS). The HPNS offers:

  • Access to a publicly-hosted Mattermost Push Notification Service (MPNS) available on GitHub.

  • An explicit privacy policy for the contents of unencrypted messages.

  • Encrypted TLS connections:

    • Between HPNS and Apple Push Notification Services

    • Between HPNS and Google’s Firebase Cloud Messaging Service

    • HPNS and your Mattermost Server

  • Production-level uptime expectations.

  • Out-of-box configuration for new servers means nothing is required to enable HPNS for new deployments. HPNS can be enabled for existing deployments.

Note

  • The HPNS only works with pre-built apps Mattermost deploys through the Apple App Store and Google Play Store. If you build your own mobile apps, you must also host your own Mattermost push proxy server.

  • You must ensure that the push proxy can be reached on the correct port. For HPNS, it’s port 443 from the Mattermost server.

  • Mattermost doesn’t store any notification data. Any data being stored is at the server level only, such as the device_id, since the HPNS needs to know which device the notification must be sent to.

Enable HPNS for existing deployments#

Configuring your existing Mattermost instance to use the Mattermost HPNS is a single, one-time step.

  1. Follow the instructions to install or upgrade to Enterprise Edition.

  2. Go to System Console > Environment > Push Notification Server.

  3. Set Enable Push Notifications to Use HPNS connection with uptime SLA to send notifications to iOS and Android apps. Note that this option is only available in Mattermost Enterprise Edition.

  4. Mattermost Enterprise and Professional customers: Specify the physical location of the Push Notification Server.

  • United States: https://push.mattermost.com

  • Germany: https://hpns-de.mattermost.com

Configure a licensed self-hosted Mattermost deployment to use the Mattermost Hosted Push Notification Server (HPNS) in the System Console by going to Environment > Push Notification Server. Select the HPNS option, then specify the server URL.
  1. Review the Mattermost Terms of Service and the Mattermost Privacy Policy, then select the box “I understand and accept the Mattermost Hosted Push Notification Service Terms of Service and Privacy Policy” to acknowledge that you understand the terms of use.

  2. Select Save

After setup, test push notifications to confirm they are working.

ID-only push notifications#

plans-img Available on Enterprise plans

deployment-img Cloud and self-hosted deployments

Admins can enable mobile notifications to be fully private to protect a Mattermost customer against breaches in iOS and Android notification infrastructure by limiting the data sent to Apple and Google through a Mattermost configuration setting.

The standard way to send notifications to iOS and Android applications requires sending clear text messages to Apple or Google so they can be forwarded to a user’s phone and displayed on iOS or Android. While Apple or Google assure the data is not collected or stored, should the organizations be breached or coerced, all standard mobile notifications on the platform could be compromised.

To avoid this risk, Mattermost can be configured to replace mobile notification text with message ID numbers that pass no information to Apple of Google. When received by the Mattermost mobile application on a user’s phone, the message IDs are used to privately communicate with their Mattermost server and to retrieve mobile notification messages over an encrypted channel. This means that, at no time, is the message text visible to Apple or Google’s message relay system. The contents of the message also won’t reach the Mattermost Push Notification Service (MPNS).

Note

Because of the extra steps to retrieve the notifications messages under Mattermost’s private mobility capability with ID-only push notifications, end users may experience a slight delay before the mobile notification is fully displayed compared to sending clear text through Apple and Google’s platform.

See our configuration settings documentation to learn more about the ID-only push notifications configuration setting. See our Mobile Apps FAQ documentation for details on using ID-only push notifications for data privacy.

Host your own push proxy service#

Customers building their own custom mobile apps must host their own push proxy service using one of the following methods:

See our developer documentation on working with the Mattermost Push Notification Service.

Enable MPNS#

  1. Go to System Console > Environment > Push Notification Server.

  2. Under Enable Push Notifications, select Manually enter Push Notification Service location.

  3. Enter the location of your MPNS in the Push Notification Server field, then select Save.

  4. (Optional) Customize mobile push notification contents. Most deployments choose to include the full message content sent in the notification payload.

  1. Go to System Console > Site Configuration > Notifications.

  2. Under Push Notification Contents, select the type of information to include in push notifications, then select Save.

Note

  • We recommend that your instance of the MPNS be behind your firewall inside your private network, or in your DMZ, in a way that the Mattermost server can access it.

  • The MPNS does not connect with Mattermost mobile apps directly; the MPNS parses and forwards push notifications from the Mattermost server to the Apple Push Notification Service (APNS) or the Firebase Cloud Messaging (FCM).

  • The MPNS must be able to communicate with the Apple Push Notification Service over HTTP/2. If an outbound proxy appliance is deployed between the MPNS and APNS, ensure it supports HTTP/2. - Ensure you use encrypted TLS connections between your MPNS and Apple Push Notification Service, between your MPNS and Google FCM, and between your MPNS and your Mattermost server.

  • You must ensure that the push proxy can be reached on the correct port. The default port is 8086.

  • As part of the process of building the applications, you’ll need to sign the applications. You must also obtain the appropriate certificate for both Android and iOS. If this isn’t done, the applications won’t be able to interact with your instance of the MPNS. Once this is complete, you can proceed with the deployment of your MPNS instance.

  • We strongly recommend that you subscribe to Mattermost Security Bulletins. When you’re notified of security updates for the MPNS, apply them promptly.