VAPID Key Setup
- Go to oPWA → Push Notifications → Generate VAPID Keys
- Click Generate to create a P-256 key pair, stored in opwa_settings
- The public key is served to browsers via the subscribe endpoint
PHP < 8.1: Uses a pure-PHP P-256 scalar multiplication fallback requiring the gmp extension.
Subscription Flow
The oPWA frontend JS calls pushManager.subscribe() with the VAPID public key, then POSTs the subscription object to:
```http
POST /wp-json/opwa/v1/push/subscribe
Content-Type: application/json

{
  "endpoint": "https://fcm.googleapis.com/...",
  "keys": {
    "p256dh": "…",
    "auth": "…"
  }
}
```
Stored in wp_opwa_subscribers.
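One way a subscribe handler could check the posted object before storing it, as an added example that is not oPWA's own code: `validate_subscription()`, `b64url_decode()` and the `PUSH_HOSTS` allowlist are assumptions. It pins the endpoint to HTTPS on an allowed push service, since the server later sends requests to that URL, and checks the encoding and length of both keys.

```php
<?php
// Added example, not oPWA's code. validate_subscription(), b64url_decode()
// and the PUSH_HOSTS allowlist are assumptions made for illustration.
const PUSH_HOSTS = ['fcm.googleapis.com', 'push.services.mozilla.com',
                    'notify.windows.com', 'push.apple.com'];

function b64url_decode($s): ?string {
    // Accept only the base64url alphabet (padding optional), then decode strictly.
    if (!is_string($s) || !preg_match('/\A[A-Za-z0-9_-]+={0,2}\z/', $s)) {
        return null;
    }
    $s = strtr(rtrim($s, '='), '-_', '+/');
    $bin = base64_decode($s . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
    return $bin === false ? null : $bin;
}

function validate_subscription(array $sub): array {
    $errors = [];
    $endpoint = $sub['endpoint'] ?? null;
    $url = is_string($endpoint) ? (parse_url($endpoint) ?: []) : [];
    $host = strtolower($url['host'] ?? '');
    // The server later POSTs to this URL, so pin the scheme and the host.
    $known = false;
    foreach (PUSH_HOSTS as $h) {
        $known = $known || $host === $h || substr($host, -strlen($h) - 1) === '.' . $h;
    }
    if (strtolower($url['scheme'] ?? '') !== 'https' || isset($url['user']) || !$known) {
        $errors[] = 'endpoint must be an https URL on an allowed push service';
    }
    // p256dh: uncompressed P-256 point, 0x04 || X || Y (format check, not on-curve).
    $pub = b64url_decode($sub['keys']['p256dh'] ?? null);
    if ($pub === null || strlen($pub) !== 65 || $pub[0] !== "\x04") {
        $errors[] = 'p256dh must be a 65-byte uncompressed P-256 point';
    }
    // auth: 16-byte authentication secret.
    $auth = b64url_decode($sub['keys']['auth'] ?? null);
    if ($auth === null || strlen($auth) !== 16) {
        $errors[] = 'auth must decode to 16 bytes';
    }
    return $errors;
}

// Constructed sample input (random bytes, not a real subscription).
$enc = fn($b) => rtrim(strtr(base64_encode($b), '+/', '-_'), '=');
$good = ['endpoint' => 'https://fcm.googleapis.com/fcm/send/EXAMPLE', 'keys' => [
    'p256dh' => $enc("\x04" . random_bytes(64)), 'auth' => $enc(random_bytes(16))]];
$bad = ['endpoint' => 'http://localhost/hook', 'keys' => ['p256dh' => 'AAAA', 'auth' => '']];
var_dump(validate_subscription($good), validate_subscription($bad));
```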
Sending Push Campaigns
Via Admin
Go to oPWA → Push Notifications → New Campaign and set the title, body, icon URL and click URL, then send now or schedule.
Via PHP
```php
$push = new OPWA_Push();

// Send to all subscribers
$push->send_to_all([
    'title' => 'New post published',
    'body'  => 'Check it out',
    'icon'  => 'https://example.com/icon.png',
    'url'   => 'https://example.com/new-post',
]);

// Send to a single subscriber (by subscription endpoint).
// $endpoint and $payload are supplied by the caller.
$push->send_to_subscriber( $endpoint, $payload );
```
Encryption
Payloads are encrypted with AES-128-GCM per RFC 8188, using the subscriber's p256dh and auth keys. All encryption is pure PHP, with no external dependencies.
