WebPush Notifications

From sgcWebSockets 2023.4.0 WebPush notifications are supported. The Web Push protocol is a technology used to deliver real-time notifications to users on the web. The three main features of the Web Push protocol are:

  1. Push Notifications: The Web Push protocol allows web applications to send notifications to users even when the application is not open or active. Users can receive push notifications on their devices, such as desktops, laptops, or mobile phones, without having to be on the website.
  2. User Consent: The Web Push protocol requires user consent before notifications can be sent. This means that users must opt-in to receive push notifications from a website, and they can also easily opt-out at any time.
  3. Encryption: The Web Push protocol uses encryption to secure the communication between the server and the user's device. This ensures that the notifications are delivered securely and cannot be intercepted or tampered with by third parties.


The WebPush protocol is defined by the RFC 8030 (Delivery using HTTP Push) and RFC 8291 (Message Encryption).

Web Push is a standardized protocol for delivering push notifications to web browsers. It uses the Push API, which is a standard web API that enables websites to register and receive push messages. The Push API allows a website to send push messages to a user's browser, even when the user is not actively browsing the website.

To use Web Push, a website first needs to obtain a push subscription from the user's browser. The subscription consists of a unique endpoint URL and an encryption key. The endpoint URL is a URL that the website can use to send push messages to the user's browser, and the encryption key is used to encrypt and decrypt the push messages.

Once the website has obtained a push subscription, it can send push messages to the user's browser by making an HTTP request to the endpoint URL. The push message is sent in a special format called the Web Push Protocol Message, which consists of a set of headers and a payload. The headers contain information such as the encryption key and the TTL (time-to-live) of the message, while the payload contains the actual content of the message.

When the user's browser receives a push message, it first decrypts the message using the encryption key. It then displays the notification to the user, along with any additional actions that the user can take, such as dismissing the notification or opening the website.

To ensure the security and privacy of push messages, Web Push uses end-to-end encryption and requires that push subscriptions be obtained over a secure connection (e.g., HTTPS). Additionally, the protocol provides mechanisms for authenticating the sender of a push message and preventing abuse (e.g., by limiting the number of push messages that a website can send to a user). 


  1. Attach a TsgcWSServer_API_WebPush to a WebSocket server using the Server property.
  2. Configure the public and private keys in the WebPush.VAPID property. (Registered users can download an executable that generates the VAPID keys for windows).
  3. Requires to deploy the openSSL 3.0.0 version
  4. In the WebPush.Endpoints property you can define your own endpoints to handle the webpush subscriptions, by default, accessing to the "/sgcWebPush.html" endpoint will show a simple webpage that enables to Subscribe to the WebPush notifications.
  5. Start the server and access to the endpoint configured to test it.
// ... create server
Server := TsgcWebSocketHTTPServer.Crete(nil);
WebPushServer := TsgcWSAPIServer_WebPush.Create(nil);

// ... attach webpush to the server
WebPushServer.Server := Server;

// ... set keys
WebPushServer.WebPush.VAPID.DER.PublicKey := 'BLRy7bKdS9SWqo_yBLnhL6fcrxt8INTzgJcxH--zbDPakzBQUIgT4wbvLczeZS154yjMuCPgAE8jiOys9gvEVVo';
WebPushServer.WebPush.VAPID.DER.PrivateKey := 'IE_ZkMcVaMh-clcMJcUwhAhdHBCh_HnfWKRzZHdEr6o';
WebPushServer.WebPush.VAPID.PEM.PrivateKey.Text := '-----BEGIN PRIVATE KEY-----....-----END PRIVATE KEY-----';

// ... start server
Server.Active := True;


Handling Subscriptions

Every time a new client subscribes, the event OnWebPushSubscription is called, here you can save the subscription object into a database to store all subscriptions and reload if the server is restarted. 

procedure OnPushSubscription(Sender: TObject; aSubscription: TsgcHTTP_API_WebPush_PushSubscription; var ResponseCode: Integer);
  DataSet.FieldByName('ENDPOINT').AsString := aSubscription.Endpoint;
  DataSet.FieldByName('PUBLICKEY').AsString := aSubscription.PublicKey;
  DataSet.FieldByName('AUTHSECRET').AsString := aSubscription.AuthSecret;

The WebPush server has an internal property, called Subscriptions, where all Subscriptions are inserted or removed automatically. If the server is restarted, you can load the previously stored subscription using the methods Subscriptions.AddSubscription and Subscriptions.RemoveSubscription

Sending Notifications

Use this method to send a notification given a subscription object. The subscription object is just a class with the following properties

  • Endpoint: the url where the client must POST a message.
  • PublicKey: the public key used to encrypt the message.
  • AuthSecret: the secret used to encrypt the message.

The message can be a string or an object of TsgcWebPushMessage 

procedure SendNotification(const aSubscription: TsgcHTTP_API_WebPush_PushSubscription);
  oMessage: TsgcWebPushMessage;
  oMessage := TsgcWebPushMessage.Create;
    oMessage.Title := 'eSeGeCe Notification';
    oMessage.Body := 'Subscription Successfully Registered!!!';
    oMessage.Icon := 'https://www.esegece.com/images/esegece_logo_small.png';
    oMessage.Url := 'https://www.esegece.com';
    sgcWSAPIServer_WebPush1.SendNotification(aSubscription, oMessage);

Broadcast Notifications

Using this method, the message will be sent to all subscribed clients, find below a simple example using delphi code.

procedure BroadcastNotification;
  oMessage: TsgcWebPushMessage;
  oMessage := TsgcWebPushMessage.Create;
    oMessage.Title := 'eSeGeCe Notification';
    oMessage.Body := 'New version released!!!';
    oMessage.Icon := 'https://www.esegece.com/images/esegece_logo_small.png';
    oMessage.Url := 'https://www.esegece.com';

WebPush Video

Delphi Source Code and Compiled Demo

Find below the delphi compiled demo for windows and the source code of the WebPush Server Demo. 

3.7 mb
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

sgcWebSockets 2023.4
sgcWebSockets 2023.3

Related Posts