← Back to glossary

Web Push Notifications

mobile PHP 7.0+ Advanced

Also Known As

push API web notifications VAPID service worker push

TL;DR

Sending notifications to users even when the browser is closed — using the Push API, Service Worker, and Web Push Protocol with VAPID authentication.

Explanation

Web Push uses three components: Push API (browser API to subscribe), Web Push Protocol (RFC 8030 — standardised push delivery), and Service Worker (receives and displays notifications when the browser is closed). Flow: (1) user grants notification permission, (2) browser creates a push subscription (endpoint URL + encryption keys), (3) PHP backend stores the subscription, (4) PHP sends a push message to the subscription's endpoint via web-push library (minishlink/web-push), (5) push service delivers to browser, (6) service worker shows a notification. VAPID (Voluntary Application Server Identification) authenticates your server to the push service.

Common Misconception

✗ Web Push requires a native app — web push works in all modern browsers including iOS Safari 16.4+ PWAs; the same PHP backend serves both web and mobile push notifications.

Why It Matters

Re-engaging users who have closed the browser requires push notifications — without them, the only re-engagement channel is email.

Common Mistakes

Requesting notification permission immediately on page load — users deny unsolicited permission requests.
Not handling push subscription expiry — subscriptions expire or become invalid; handle 410 Gone responses.
No unsubscribe mechanism — users must be able to revoke permission.
Sending too many notifications — notification fatigue causes users to revoke permission.

Code Examples

✗ Vulnerable

// Immediate permission request — high denial rate:
document.addEventListener('DOMContentLoaded', () => {
    Notification.requestPermission(); // Before user understands the value
    // 80%+ denial rate for unprompted permission requests
});

✓ Fixed

// Context-triggered permission request:
orderCompleteButton.addEventListener('click', async () => {
    await submitOrder();
    // Now user understands value:
    if (Notification.permission === 'default') {
        const perm = await Notification.requestPermission();
        if (perm === 'granted') await subscribeToNotifications();
    }
});

async function subscribeToNotifications() {
    const sw = await navigator.serviceWorker.ready;
    const sub = await sw.pushManager.subscribe({
        userVisibleOnly: true,
        applicationServerKey: VAPID_PUBLIC_KEY,
    });
    await fetch('/api/push/subscribe', {
        method: 'POST', body: JSON.stringify(sub)
    });
}

References

↗ https://web.dev/articles/push-notifications-overview

Tags

mobile pwa php

Added 16 Mar 2026

Edited 22 Mar 2026

Curated in Warsaw under one editorial standard. 1,444 terms, single voice. About this reference →

Rate this term

No ratings yet

🤖 AI Guestbook educational data only

| |

Last 30 days

Agents 0

No pings yet today

No pings yesterday

Amazonbot 7 Perplexity 5 Ahrefs 2 Unknown AI 2 Google 2

Also referenced

Progressive Web Apps (PWA) 45 Service Workers & Offline Caching 20 App Shell Architecture 17

How they use it

crawler 17 crawler_json 1

Related categories

frontend 845 mobile 385

⚡ DEV INTEL Tools & Severity

🟡 Medium ⚙ Fix effort: High

⚡ Quick Fix

Use the Push API + Service Worker for web push — generate VAPID keys, store subscriptions in PHP/MySQL, and send via web-push library on the PHP side

📦 Applies To

PHP 7.0+ web laravel

🔗 Prerequisites

Progressive Web Apps (PWA) Fetch API & HTTP Requests PHP Queue Workers

🔍 Detection Hints

No web push implementation for notification features; polling for notifications instead of push; PHP only sending email for real-time notifications

Auto-detectable: ✗ No lighthouse web-push-php

⚠ Related Problems

Progressive Web Apps (PWA) PHP Queue Workers user engagement

🤖 AI Agent

Confidence: Low False Positives: Medium ✗ Manual fix Fix: Medium Context: File