How does brrr work? 🤓
When you register a device, brrr's backend generates a unique secret for it and sends it securely to your device. The secret is then stored in your private CloudKit database and is not accessible to the backend after registration.
That secret is used to authorize webhook requests for that specific device. You also get a shared webhook that targets all your devices.
To deliver notifications, brrr stores two things in its CloudKit container:
- the device's Apple push token¹
- a digest derived from the device secret
The digest is used to validate incoming webhook requests. The push token is required to communicate with Apple Push Notification Service.
When a webhook is invoked, the backend verifies the request using the stored digest, looks up the push token, and forwards the notification to Apple Push Notification Service. APNs handles delivery and retries.
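The register-then-verify flow described above, as an added example that is not brrr's own code. It assumes SHA-256 as the digest and that the caller presents the device secret with the webhook request; the `Backend` class, function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets


def digest_of(secret: str) -> str:
    # Assumption: SHA-256; the page does not name the digest algorithm.
    # A fast hash is adequate here because the secret is long and random,
    # unlike a human-chosen password.
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


class Backend:
    """Hypothetical stand-in for the records the backend keeps."""

    def __init__(self):
        # device_id -> (secret digest, push token); the secret is never stored.
        self.records = {}

    def register(self, device_id: str, push_token: str) -> str:
        secret = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.records[device_id] = (digest_of(secret), push_token)
        return secret  # delivered to the device once, not retained here

    def handle_webhook(self, device_id: str, presented_secret: str, body: str):
        record = self.records.get(device_id)
        # Unknown devices are compared against a dummy digest so that both
        # paths perform the same hashing and comparison work.
        stored_digest, push_token = record if record else (digest_of(""), None)
        matches = hmac.compare_digest(digest_of(presented_secret), stored_digest)
        if record is None or not matches:
            return None  # reject: nothing is forwarded
        # The body is passed through to the push service, never stored or logged.
        return {"push_token": push_token, "payload": body}


if __name__ == "__main__":
    backend = Backend()
    device_secret = backend.register("device-1", "constructed-push-token")
    print(backend.handle_webhook("device-1", device_secret, "hello"))
    print(backend.handle_webhook("device-1", "guessed-secret", "hello"))
```

A leak of the stored records exposes only digests, which cannot be replayed as webhook credentials because the request must carry the secret itself.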
brrr does not persist message content and does not log notification bodies.
¹ An Apple push token is a unique, random code your device gives to an app so it knows exactly where to deliver notifications, without revealing who you are.