
I am currently working on the implementation of push notifications. To do this, the Web Push API requires the subscription object, which contains the public as well as the private key. Additionally, the subscription needs to be stored in a database for later use.

Subscription object:

```js
endpoint: { type: String, unique: true },
keys: {
  p256dh: { type: String },
  auth: { type: String }
},
```

Sending the notification:

```js
webpush.sendNotification(subscription, payload).catch(console.log);
```

Personally, I am not sure if I should save the private key in the database.

Is there a better approach to this? Or is it actually safe to store this information in this format?

Anthony
  • Yes, you should store the subscription object, including the keys, in the database. There aren't any other alternatives. If you want you can use some encrypted fields in the database, but in any case you will have a master key somewhere. There are also the [VAPID keys](https://blog.pushpad.xyz/2022/03/web-push-what-is-vapid/) that add an additional layer of protection and that you can keep somewhere else. – collimarco Jan 30 '23 at 15:01
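
The encrypted-fields option mentioned in the comment above, as an added example that is not part of the original thread: the `keys` values are sealed with AES-256-GCM under a master key held outside the database, and the endpoint is bound as associated data so a ciphertext copied onto another row fails to decrypt. The helper names, the demo key and the sample subscription are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo key. In a real deployment, load 32 random bytes from a
// secret store or environment variable; never keep it in the same database.
const MASTER_KEY = crypto.createHash('sha256').update('constructed-demo-master-key').digest();

// Seal one field: output is base64(iv || tag || ciphertext), AAD = endpoint.
function sealField(plaintext, endpoint, key = MASTER_KEY) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(endpoint, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Open one field; throws if the key, the endpoint or the ciphertext is wrong.
function openField(sealed, endpoint, key = MASTER_KEY) {
  const raw = Buffer.from(sealed, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(endpoint, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Shape written to the database: endpoint stays in clear (it is the unique index).
function toStoredRecord({ endpoint, keys }) {
  return {
    endpoint,
    keys: { p256dh: sealField(keys.p256dh, endpoint), auth: sealField(keys.auth, endpoint) },
  };
}

// Shape handed to webpush.sendNotification(subscription, payload).
function fromStoredRecord({ endpoint, keys }) {
  return {
    endpoint,
    keys: { p256dh: openField(keys.p256dh, endpoint), auth: openField(keys.auth, endpoint) },
  };
}

// Constructed sample subscription (not real key material).
const sample = {
  endpoint: 'https://push.example.invalid/send/abc123',
  keys: { p256dh: 'BConstructedP256dhValue', auth: 'ConstructedAuthValue' },
};
const stored = toStoredRecord(sample);
const restored = fromStoredRecord(stored);
```
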
