3

I have multiple https domains for sending web push notifications. But i will send web push notification from one server. I know why it is use and i read some documents about it. But i didn't see anything about this approach. I generated vapid key from my server just once. I tried to send push notification with these keys and i got notification successfully. But i have 2 question for you.

  1. Should i generate different VAPID key for each domain ?
  2. Can i generate just one VAPID key and use all domains ?
Murat Karagozgil
  • 178
  • 1
  • 2
  • 13

1 Answers1

3
  1. For security and isolation, you should create a different VAPID key for each separate project. If the same project uses multiple domains or subdomains you can use the same VAPID key and there isn't any problem.
  2. Yes, you can. However if you deal with completely different websites this is not recommended: you can improve security and data portability by using different VAPID keys.
collimarco
  • 34,231
  • 36
  • 108
  • 142
  • What if you have a project that has multiple instances separated over multiple servers? Would the usage of a single VAPID key still work? Or is a key linked to a physical server? Thanks – Laurent Mar 09 '20 at 15:37
  • 1
    @Laurent If it's the same website you *must* use the same key; it doesn't matter the number of physical servers – collimarco Mar 10 '20 at 16:17