Notification System - Learning Module

Loading content...

0/273

Push, Email, SMS, and In-App Channels

The Four Pillars of User Communication

Modern notification systems must orchestrate delivery across multiple channels, each with distinct characteristics, delivery semantics, cost structures, and technical requirements. Understanding these channels deeply is essential for making informed architectural decisions about routing, fallback strategies, and user experience optimization.

Each channel serves a unique purpose in the notification ecosystem. Push notifications excel at real-time engagement, email provides rich content and persistent records, SMS ensures reach even without internet connectivity, and in-app notifications deliver contextual experiences within your application. Together, they form a comprehensive communication strategy that reaches users wherever they are.

What You Will Learn

This page provides a comprehensive exploration of each notification channel: the underlying protocols, major providers, integration patterns, handling failures, cost considerations, and best practices. You'll gain the knowledge needed to design a robust multi-channel delivery system.

Push Notifications: Mobile Platforms

Mobile push notifications are the modern equivalent of a tap on the shoulder—they interrupt users to deliver time-sensitive information directly to their lock screens. Despite their deceptive simplicity from a user's perspective, push notifications involve a complex chain of systems: your backend, platform-specific gateway services, device operating systems, and finally the notification rendering system.

The Push Notification Flow:

User opts in — App requests notification permission; OS generates a device token
Token registered — App sends device token to your backend for storage
Event occurs — Your system decides to notify the user
Message constructed — Notification payload created with title, body, data, actions
Sent to gateway — Message sent to APNs (iOS) or FCM (Android)
Gateway delivers — Platform service delivers to device over persistent connection
Device renders — OS displays notification based on user settings and app state

Apple Push Notification Service (APNs)

APNs is Apple's proprietary push notification service for iOS, iPadOS, macOS, watchOS, and tvOS. It provides a secure, reliable connection between your servers and Apple devices.

Authentication Methods:

Token-based (JWT) — Recommended. Use a signing key to generate short-lived tokens. Keys don't expire.
Certificate-based — Legacy method using SSL certificates that require annual renewal.

Connection Architecture:

Uses HTTP/2 over TLS for multiplexed, persistent connections
Single connection supports multiple concurrent streams (up to 500)
Apple recommends maintaining persistent connections to reduce latency

Payload Structure:

{
  "aps": {
    "alert": {
      "title": "New Message",
      "subtitle": "From John",
      "body": "Hey, are you free tonight?"
    },
    "badge": 5,
    "sound": "default",
    "category": "MESSAGE_CATEGORY",
    "thread-id": "conversation-123"
  },
  "custom_data": {
    "conversation_id": "abc123",
    "sender_id": "user-456"
  }
}

Key Limitations:

Maximum payload size: 4KB
Device tokens are environment-specific (development vs production)
Rate limits are per-device, not documented publicly but exist
Silent notifications limited to 2-3 per hour

Device Token Lifecycle

Device tokens are ephemeral. They change when: (1) User reinstalls the app, (2) User restores device from backup, (3) User upgrades to a new device, (4) Token refresh triggered by OS. Your system must handle token updates gracefully and purge stale tokens to maintain deliverability metrics and reduce wasted API calls.

Push Notifications: Web Platform

Web Push enables browser-based notifications that work even when your website isn't open. Built on open standards (Web Push Protocol, VAPID), it provides a platform-agnostic approach to reaching users on desktop and mobile browsers.

Web Push Protocol Stack:

Push API — JavaScript API for subscribing to push notifications
Service Workers — Background scripts that receive and display notifications
Web Push Protocol (RFC 8030) — HTTP-based protocol for message delivery
VAPID (RFC 8292) — Voluntary Application Server Identification for authentication
Message Encryption (RFC 8291) — End-to-end encryption of notification payloads

Subscription Flow:

// 1. Register service worker
const registration = await navigator.serviceWorker.register('/sw.js');

// 2. Request notification permission
const permission = await Notification.requestPermission();

// 3. Subscribe to push
const subscription = await registration.pushManager.subscribe({
  userVisibleOnly: true,
  applicationServerKey: urlBase64ToUint8Array(VAPID_PUBLIC_KEY)
});

// 4. Send subscription to your server
await fetch('/api/push/subscribe', {
  method: 'POST',
  body: JSON.stringify(subscription)
});

Browser Support and Push Endpoints
Browser	Push Service	Max Payload	Notes
Chrome	Firebase Cloud Messaging	4KB	Also handles Edge Chromium
Firefox	Mozilla AutoPush	4KB	Direct WebPush implementation
Safari (macOS 13+)	Apple Push Notification Service	4KB	Uses standard Web Push since 2023
Safari (iOS 16.4+)	Apple Push Notification Service	4KB	Requires PWA added to home screen
Edge (Legacy)	Windows Push Notification Service	5KB	Deprecated, use Chromium Edge

VAPID Keys

VAPID (Voluntary Application Server Identification) uses public-key cryptography to identify your server to push services. Generate a key pair once and reuse it. The public key is shared with browsers during subscription; the private key signs your push messages. Never expose your private key in client-side code.

Service Worker Handler:

// sw.js - Service Worker
self.addEventListener('push', function(event) {
  const payload = event.data ? event.data.json() : {};
  
  const options = {
    body: payload.body,
    icon: payload.icon || '/icon-192.png',
    badge: '/badge.png',
    data: payload.data,
    actions: payload.actions || [],
    tag: payload.tag, // For notification replacement
    renotify: payload.renotify || false
  };

  event.waitUntil(
    self.registration.showNotification(payload.title, options)
  );
});

self.addEventListener('notificationclick', function(event) {
  event.notification.close();
  
  const url = event.notification.data?.url || '/';
  event.waitUntil(
    clients.openWindow(url)
  );
});

Key Considerations:

Subscriptions can be invalidated by browser updates or user actions
No delivery receipts available; track opens via notification clicks only
Some browsers require user interaction before requesting permission
Background sync and periodic sync can complement push for resilience

Email Notifications

Email remains the most universal digital communication channel, reaching virtually every internet user regardless of device or platform. For notification systems, email serves dual purposes: transactional messages (receipts, confirmations, alerts) and marketing communications (newsletters, promotions, updates).

Email Delivery Chain:

Composition — Your system generates email content from templates
Submission — Email sent to your outbound mail server or ESP
Relay — Message routed through internet mail infrastructure
Reception — Recipient's mail server receives and processes
Spam Filtering — Content analyzed for spam, phishing, malware
Inbox Delivery — Message placed in inbox, promotions, or spam folder
Rendering — Email client displays message (with client-specific quirks)

Email Service Providers Comparison
Provider	Free Tier	Pricing	Best For
Amazon SES	62,000/month (EC2)	$0.10/1,000 emails	High volume, AWS integration
SendGrid	100/day forever	From $14.95/month	Marketing + transactional combo
Mailgun	5,000/month (3 months)	$0.80/1,000 emails	Developer-focused, good APIs
Postmark	100/month	$1.25/1,000 emails	Transactional focus, fast delivery
SparkPost	500/month	$0.25/1,000 emails	Enterprise, analytics rich

Deliverability Factors:

Email deliverability—getting messages to the inbox rather than spam—depends on:

Sender Reputation — IP and domain reputation built over time through sending volume, bounce rates, spam complaints, and engagement
Authentication — SPF, DKIM, and DMARC records that prove you're authorized to send for your domain
Content Quality — Avoiding spam triggers, maintaining text-to-image ratio, including unsubscribe links
List Hygiene — Removing bounced addresses, inactive subscribers, and spam traps
Engagement — High open and click rates signal valuable content

IP Warming

New sending IPs have no reputation. Sending high volumes immediately triggers spam filters. 'IP warming' gradually increases sending volume over 2-8 weeks, building positive reputation. Start with your most engaged users who will open emails, establishing positive engagement signals.

Email Authentication Setup

•SPF (Sender Policy Framework) — DNS TXT record listing authorized sending IPs. v=spf1 include:sendgrid.net -all
•DKIM (DomainKeys Identified Mail) — Cryptographic signature verifying email wasn't altered in transit. Requires DNS TXT record with public key.
•DMARC (Domain-based Message Authentication) — Policy telling receivers how to handle SPF/DKIM failures. Enables reporting.
•BIMI (Brand Indicators for Message Identification) — Display verified brand logo next to emails. Requires VMC certificate.

Bounce Handling:

Bounces occur when email delivery fails:

Hard Bounces — Permanent failures (address doesn't exist, domain invalid). Remove immediately from your list.
Soft Bounces — Temporary failures (mailbox full, server down). Retry with exponential backoff; convert to hard bounce after multiple failures.
Complaint — User marked email as spam. Remove immediately and investigate.

Most ESPs provide webhook notifications for bounces. Your system must process these in near-real-time to maintain sender reputation.

SMS Notifications

SMS (Short Message Service) provides the most reliable reach—it works on any phone, doesn't require internet connectivity or app installation, and has near-universal read rates (98%+ open rate). However, SMS is also the most expensive channel and subject to strict regulations.

SMS Delivery Path:

Message Creation — Your system generates SMS content (160 character limit for GSM-7, 70 for Unicode)
API Submission — Message sent to SMS aggregator (Twilio, Nexmo, etc.)
Carrier Routing — Aggregator routes to appropriate cellular carrier
Delivery — Carrier delivers to recipient's phone
Delivery Receipt — Optional confirmation of delivery (DLR)

SMS Providers Comparison
Provider	US Pricing	International	Key Features
Twilio	$0.0079/msg	Varies by country	Best documentation, global reach
Vonage (Nexmo)	$0.0068/msg	Varies by country	Good pricing, carrier lookup
Plivo	$0.0050/msg	Varies by country	Cost-effective, good SLA
AWS SNS	$0.00645/msg	Varies by country	AWS integration, simple API
MessageBird	€0.005/msg	Varies by country	Strong in Europe, good API

SMS Compliance is Critical

TCPA violations in the US can cost $500-$1,500 PER MESSAGE. Always obtain explicit opt-in consent, honor opt-outs immediately (STOP keyword), include sender identification, and maintain consent records. Similar regulations exist globally (GDPR, CASL, etc.).

SMS Best Practices

•Use short codes for high-volume transactional
•Use toll-free for moderate volume
•Use long codes sparingly (rate limited)
•Keep messages under 160 chars when possible
•Include opt-out instructions
•Send during appropriate hours (8AM-9PM)

SMS Limitations

•High cost compared to other channels
•Carrier filtering can block messages
•International delivery is complex
•No rich media (MMS has limited support)
•Character limits require concise content
•No reliable read receipts

Short Codes vs. Long Codes vs. Toll-Free:

Short Codes (5-6 digits) — High throughput (100+ msg/sec), expensive to lease ($500-1000/month), carrier approved, best for high-volume transactional
Long Codes (10-digit phone numbers) — Standard phone numbers, very limited throughput (1 msg/sec per number), cheapest option, P2P only
Toll-Free Numbers — Moderate throughput (3 msg/sec), monthly fee, requires registration, good for business messaging
10DLC (10-Digit Long Code) — Carrier-registered long codes, variable throughput based on trust score, requires campaign registration

OTP (One-Time Password) Considerations:

SMS-based 2FA is common but has security considerations:

Vulnerable to SIM swapping attacks
SS7 vulnerabilities allow interception
Delivery delays can frustrate users
Consider time-based OTP (TOTP) apps as alternative
Always implement rate limiting on OTP generation

In-App Notifications

In-app notifications appear within your application while the user is actively using it. Unlike push notifications that interrupt users externally, in-app notifications provide contextual, timely information within the user's current workflow. They're the least intrusive channel but only reach users who are already engaged with your application.

In-App Notification Types
Type	Persistence	Intrusiveness	Use Case
Toast/Snackbar	Auto-dismiss (3-8 sec)	Low	Quick confirmations, status updates
Banner/Alert	Until dismissed	Medium	Warnings, feature announcements
Modal/Dialog	Requires action	High	Critical actions, confirmations
Notification Center	Persistent list	Low (pull-based)	Activity feed, message history
Badge/Dot	Until reviewed	Very Low	Counts, unread indicators
Inline Message	Contextual	Low	Form validation, inline tips

Real-Time Delivery Architecture:

In-app notifications require real-time delivery to connected clients. Common approaches include:

1. WebSocket Connections:

// Client-side WebSocket connection
const ws = new WebSocket('wss://notifications.example.com/ws');

ws.onmessage = (event) => {
  const notification = JSON.parse(event.data);
  displayNotification(notification);
};

// Server-side: broadcast to user's connected sessions
async function sendInAppNotification(userId, notification) {
  const sessions = await getActiveWebSockets(userId);
  for (const session of sessions) {
    session.send(JSON.stringify(notification));
  }
}

2. Server-Sent Events (SSE):

Simpler than WebSocket, unidirectional
Better for notification-only use cases
Automatic reconnection built into browser API

3. Long Polling:

Fallback for environments without WebSocket support
Higher latency and server load
Still used for maximum compatibility

Notification Center Design

A well-designed notification center serves as a unified inbox for all user activity. Key features: (1) Unread count badge, (2) Mark all as read, (3) Notification grouping by type or timestamp, (4) Actions directly from notification list, (5) Pagination or infinite scroll for history, (6) Filtering by notification type.

In-App Notification Best Practices

•Respect Context — Don't interrupt critical workflows with non-urgent notifications
•Provide Actions — Include relevant actions (View, Dismiss, Reply) when applicable
•Support Multi-Device — Sync read state across devices so users don't see duplicates
•Graceful Degradation — Queue notifications if WebSocket disconnects; deliver on reconnect
•Accessibility — Ensure screen readers announce notifications; support keyboard navigation
•Animation — Subtle entrance animations draw attention without startling users

Channel Selection Strategy

Choosing the right channel for each notification type requires balancing urgency, user preferences, cost, and deliverability. A well-designed notification system uses intelligent channel selection based on multiple factors.

Channel Selection Matrix
Notification Type	Primary Channel	Fallback	Rationale
Password Reset	Email	SMS	Security audit trail, user expectation
2FA Code	SMS/Push	Voice	Immediate delivery, offline access
Order Confirmation	Email	In-App	Detailed receipt, persistent record
Shipping Update	Push	Email	Real-time relevance, multiple updates
New Message (Chat)	Push/In-App	Email (digest)	Immediate attention when active
Marketing Campaign	Email	Push	Rich content, trackable engagement
Fraud Alert	SMS + Push	Voice	Maximum urgency, redundancy

Intelligent Routing Factors:

User Preferences — Always respect explicit user choices for channel and frequency
Device State:
- Is push token valid and recent?
- Is user currently active in app (prefer in-app)?
- What's the user's timezone and local time?
Notification Urgency:
- Critical: Multi-channel simultaneously (fraud alert via SMS + Push + Email)
- High: Fastest available channel with fallback
- Normal: Preferred channel with gentle fallback
- Low: Batch for digest or next engagement
Cost Optimization:
- Prefer push/in-app over SMS when both are viable
- Use SMS only for high-value or critical notifications
- Consider cost caps per user per period

Fallback Chains

Design fallback chains for critical notifications. Example chain: Push (immediate) → Wait 5 min → Email (if push not acknowledged) → Wait 1 hour → SMS (if critical and still unacknowledged). Track acknowledgment state to prevent redundant fallbacks when user already responded.

Provider Integration Patterns

Integrating with external notification providers requires careful architecture to handle rate limits, failures, cost optimization, and provider portability.

Provider Abstraction Layer

•Provider Interface — Define a common interface for all providers of the same channel type. This enables provider swaps without code changes.
•Connection Pooling — Maintain persistent HTTP/2 connections to providers (especially APNs, FCM). Cold connections add latency.
•Circuit Breakers — Implement circuit breakers per provider to prevent cascade failures and enable graceful degradation.
•Retry with Backoff — Use exponential backoff with jitter for retries. Respect provider-specific retry headers.
•Dead Letter Queues — Route permanently failed notifications to DLQ for analysis and manual intervention.

Multi-Provider Strategy:

For high availability, consider multiple providers per channel:

Email Providers:
├── Primary: SendGrid (70% of traffic)
├── Secondary: Amazon SES (25% of traffic)
└── Tertiary: Mailgun (5%, warm standby)

SMS Providers:
├── Primary: Twilio
├── Secondary: Vonage (failover only)
└── Carrier-specific: Direct carrier APIs for volume discounts

Benefits of Multi-Provider:

Resilience against single provider outages
Cost optimization through provider competition
Improved deliverability (different providers have different strengths)
Negotiating leverage with providers

Challenges:

Increased complexity in routing logic
Inconsistent analytics across providers
Different feature sets may limit unified APIs

Webhook Security

Provider webhooks (delivery receipts, bounces, complaints) must be verified. APNs uses certificate authentication, FCM uses OAuth, and email providers typically use HMAC signatures. Always verify webhook authenticity to prevent spoofed feedback from polluting your data.

Summary: Notification Channels

We've explored the four primary notification channels in depth. Each serves distinct purposes and comes with unique technical requirements, costs, and constraints.

Key Takeaways

•Push (Mobile) — Fastest delivery, requires device tokens, platform-specific APIs (APNs, FCM), excellent for real-time engagement
•Push (Web) — Open standards (Web Push, VAPID), requires service workers, browser-based subscription management
•Email — Universal reach, rich content, requires deliverability expertise, authentication (SPF/DKIM/DMARC) critical
•SMS — Highest read rates, highest cost, strict compliance requirements, best for critical and time-sensitive messages
•In-App — Lowest cost, contextual delivery, requires real-time infrastructure (WebSockets), only reaches active users
•Channel Selection — Intelligent routing based on urgency, user preferences, cost, and device state maximizes effectiveness

What's Next:

With a deep understanding of individual channels, we'll now explore how to route notifications through this multi-channel system. The next page covers Notification Routing—the logic that determines which channel(s) to use for each notification, how to handle priorities, and implementing sophisticated routing rules.

Page Complete

You now have comprehensive knowledge of each notification delivery channel. You understand their protocols, providers, integration patterns, and failure modes. This foundation is essential for designing effective notification routing strategies.