Sign in Subscribe

What Is the .p8 File in Apple Push Notifications — And Why Firebase Needs It

If you’ve ever configured push notifications for an iOS app, you’ve probably come across a file named something like AuthKey_ABC123DEFG.p8…

Dhruvam

5 min read
What Is the .p8 File in Apple Push Notifications — And Why Firebase Needs It

What is the .p8 File in Apple Push Notifications — and what is APNs?

Free Link for Readers

If you’ve ever configured push notifications for an iOS app, you’ve probably encountered a file like AuthKey_ABC123DEFG.p8 during your time in the Apple Developer portal. You might’ve uploaded it to Firebase and called it a day, but what exactly is this file? Why does Firebase need it? And when are you supposed to generate it?

This post breaks down what the .p8 file is, how it works behind the scenes, and why it’s critical for Apple Push Notifications (especially when using Firebase Cloud Messaging).

But before we uncover what is .p8 file is, let’s take a detour and understand what is APNs and how does this all work, in a broad sense.

APNs and how it works

I always used to wonder why did we rely on FCM so much, is there so much restriction as to who can send notifications to devices, but now I understand. FCM is just a tool to help us ease the work of scheduling notifications.

It all starts with a sophisticated thing called Apple Push Notification Services (APNs), which is the backend for the delivery of notifications to Apple devices.

The user is prompted with a message asking for permission for notifications. If the user agrees, APNs generates a device token and sends it to the device. This token uniquely identifies your app on this device.

This token is then usually sent to your servers to use in future.

Then, when the server wants to send a notification to a particular device, the token of the device is sent to the APNs along with other details, which then sends a notification to your app.

Since device tokens can change, it is important to keep your device tokens in sync with your server.

What is the .p8 File?

The .p8 file is a private key used for APNS (Apple Push Notification Service) token-based authentication. It’s part of a modern, stateless method for verifying push requests sent to Apple’s servers.

This key is associated with your Apple Developer account, and when combined with a few identifiers — your Team ID, Key ID, and Bundle ID — it allows services like Firebase to send push notifications to your iOS app on your behalf.

Key characteristics:

  • It’s in PEM format (just plain text).
  • It’s downloaded only once from the Apple Developer portal.
  • It’s tied to your Apple Developer Team, not a specific app, meaning you can use one key across multiple apps.

Filename format:

AuthKey_<KEYID>.p8

This file is not tied to any user device. It’s used on the server side only.

Why Do We Need It?

Apple wants to make sure that only authorised entities can send push notifications to users’ devices. To do that, it verifies push requests against known developer credentials.

Historically, this was done with .p12 certificate files that expired frequently, were per-app, and were a pain to manage. The .p8 key simplifies all of that.

You need the .p8 file to:

  • Authenticate push requests to APNS (either from your backend or a push service like Firebase).
  • Eliminate the need for manually renewing expiring certificates.
  • Support multiple apps with a single key (up to 10 apps per key).
  • Enable more scalable and secure notification workflows.

Why Does Firebase Need It?

When you use Firebase Cloud Messaging (FCM) to send push notifications to iOS devices, Firebase acts as your proxy.

Here’s how it works:

  1. Your app registers with Firebase and gets a device token.
  2. Your backend sends a message to Firebase targeting that token.
  3. Firebase needs to pass that message to APNS (Apple’s servers).
  4. Apple only delivers the message if the request is properly authenticated.

Firebase uses your .p8 key to sign a JWT (JSON Web Token) for each request. That token proves to Apple:

  • Who the sender is (via Team ID)
  • What key was used (via Key ID)
  • Which app the notification is for (via Bundle ID)

Without that .p8 file uploaded, Firebase can’t authenticate with APNS, and your iOS push notifications simply won’t work.

When Do You Need It?

You’ll need to generate and upload a .p8 APNS key when:

  • You’re setting up push notifications for iOS via Firebase for the first time.
  • You’re migrating from the old .p12 certificate-based push system to the newer token-based method.
  • You’re adding a new iOS app to your Firebase project and want to enable notifications.
  • You’ve lost your .p8 file, or it’s been compromised (you’ll have to revoke and reissue it).
  • You want to support multiple apps with a single key, instead of generating a separate .p12 for each.

This is a one-time setup per key. You can reuse the same key across multiple apps in the same Apple Developer Team, up to a limit of 10 apps per key.

What If You Lose the .p8 File?

This part trips people up:

You can’t re-download the .p8 file.

Apple shows it to you once. That’s it. If you lose it, Apple doesn’t store a copy.

So, what do you do if you can’t find it?

  1. Go to Certificates, Identifiers & Profiles in the Apple Developer portal.
  2. Revoke the old key (only if you’re sure you lost it).
  3. Generate a new key.
  4. Upload the new .p8 file, along with its Key ID and your Team ID, to Firebase.

Always store this file securely, ideally in your team’s shared password manager or version-controlled secrets vault (but never in your public repo).

How Does the Authentication Work?

Here’s a simplified view of what Firebase does behind the scenes with your .p8 key:

1. Firebase constructs a JWT containing:

• Your Apple Developer Team ID

• The Key ID from the Apple Developer portal

• The app’s Bundle ID

2. It signs JWT using your .p8 key (the private key).

3. Firebase sends a push request to APNS, including the signed token.

4. Apple verifies the token and delivers the push notification.

This flow is stateless, meaning Apple doesn’t have to maintain sessions. It’s faster, more reliable, and less error-prone than the legacy certificate approach.

In the end

If you’re building iOS apps with push notifications — especially with Firebase — the .p8 file is essential infrastructure. It’s not just some weird Apple requirement; it’s the key (literally) that unlocks secure, scalable push delivery to your users.

Keep it safe, understand what it’s doing, and enjoy smoother push notification setups moving forward.

Sign up for more like this.

Enter your email
Subscribe