How do I troubleshoot “DeviceTokenNotForTopic” errors when publishing APNs push notifications through Amazon SNS or Amazon Pinpoint?

Last updated: 2022-08-17

My Apple Push Notification Service (APNs) mobile push notifications are failing to send through Amazon Simple Notification Service (Amazon SNS) or Amazon Pinpoint. When the push notifications fail, APNs returns a 400/410 status code with a "DeviceTokenNotForTopic" error message. Why am I receiving this error, and how do I resolve the issue?

Short description

When creating an Amazon SNS platform application or configuring an Amazon Pinpoint APNs channel, a certificate/token linked to a specific bundle ID is required. Your application generates a device token with that bundle ID. When sending a message to a device endpoint, the APNs expects the same bundle ID for this device token.

If the APNs picks up a device token with a different bundle ID, it returns a 400/410 status code and the following error: "DeviceTokenNotForTopic". When this error occurs, APNs deactivates the associated platform endpoint and displays a “disabled” status for this endpoint on SNS.

For more information, see User notification process overview and Apple authentication methods in the Amazon SNS Developer Guide. Also, Handling notification responses from APNs on the Apple Developer website.

Note: You can set up mobile app event notifications when certain application events occur so you can take programmatic action on that event. For example, you can set up an event notification when a platform endpoint is deactivated.

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you're using the most recent AWS CLI version.

To resolve the error when using Amazon SNS or Amazon Pinpoint to send push notifications to APNs

  1. First check the bundle ID that's registered with APNs for your application.
  2. Update the application's bundle ID to match the bundle ID that's registered with APNs and generate a new device token.
  3. Then, update the platform endpoint with the newly generated device token.

Check the bundle ID that's registered with APNs for your application

Certificate-based authentication

  1. Sign in to your Apple Developer account.
  2. In the left navigation bar, choose Certificates, IDs & Profiles.
  3. In the left navigation bar, choose Identifiers.
  4. Choose your application.
    Note: To verify that your application is linked to a certificate, navigate to Certificates, and then view the bundle ID under Name.
  5. Copy the bundle ID that's in the Name field. This is the bundle ID that's registered with APNs for your application.

Token-based authentication

For token-based authentication, you can map multiple bundle ID’s (applications) with a single token. To verify that you're using the correct bundle ID, confirm them on either your Apple Developer account or on your SNS console.

  1. Sign in to your Apple Developer account.
  2. In the left navigation bar, choose Certificates, IDs & Profiles.
  3. In the left navigation bar, choose Identifiers. Then, App IDs.
  4. Choose your application.
  5. Copy the bundle ID that's in the Name field. This is the bundle ID that's registered with APNs for your application.
  6. Sign in to your SNS Console.
  7. Navigate to Push Notification under Mobile.
  8. Choose your platform application.
  9. Verify that the Apple Bundle ID is the correct bundle ID.

To update the application's bundle ID to match the bundle ID that's registered with APNs

  1. Download Xcode, if you haven't already.
  2. Open Xcode.
  3. Choose your application's root project folder.
  4. Choose Signing & Capabilities.
  5. In the Bundle Identifier text field, enter the bundle ID that's registered with APNs for your application. The new bundle ID is saved automatically.
  6. Run your application to generate a new device token with the correct bundle ID.

Update the platform endpoint

For Amazon SNS

  1. Run the set-endpoint-attributes AWS CLI command.
  2. Change the following attributes:
    - Enabled to "true".
    - Token, specify the newly-generated device token.

For Amazon Pinpoint

  1. Run the update-endpoint AWS CLI command.
  2. Change the following attributes:
    - Address, specify the newly-generated device token.

For more information, see Creating a platform endpoint in the Amazon SNS Developer Guide and Adding endpoints to Amazon Pinpoint.


Did this article help?


Do you need billing or technical support?