
So it seems like web push has finally made its way to Mendix. Does this mean you should jump on the web push hype wagon? Is it time to retire the email templates module?

You can find the answers to these questions in this post.

What is web push?

<aside> 💡 Web Push gives web applications the ability to receive messages pushed to them from a server, whether or not the web app is in the foreground, or even currently loaded, on a user agent. This lets developers deliver asynchronous notifications and updates to users that opt in, resulting in better engagement with timely new content. https://developer.mozilla.org/en-US/docs/Web/API/Push_API

</aside>

That sums up web push pretty well. Basically, web push opens another communication channel between your Mendix app and your users. Here are some of the aspects of web push notifications that are relevant for discussing potential use cases.

Privacy and GDPR

In order to send web push notifications, the user needs to give consent by subscribing.


To fully comply with GDPR, this subscription prompt cannot be displayed on page load; instead, it has to be triggered by the user interacting with the page, for example via a mouse click.

The web push module for Mendix takes care of this and only shows the prompt after the user ticks a checkbox for receiving notifications.

Data security

What if you want to send sensitive data in a web push notification? Is there any danger that some other party can intercept and read the message?

Short answer: No.

Long answer: All data sent in a web push notification is encrypted using ECDH encryption. When the user subscribes to notifications, the web push module and the browser exchange public keys. Afterward, when a notification is sent, it is encrypted using the server's private key and the browser's public key. To decrypt the notification, the browser uses the server's public key and its own private key, which is securely stored on the local machine. That is the gist of the story. The real process is a bit more elaborate; for a complete explanation, check here. To summarize, although it is feasible for someone to intercept the notification message, it is impossible to decrypt the information in it without the browser's private key, which makes it pointless to intercept in the first place.

Credits to https://developers.google.com/web/fundamentals/push-notifications/web-push-protocol
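The exchange described above, as an added Node.js example (not code from the original post or from the Mendix module): ECDH only agrees on a shared secret, and the payload itself is encrypted with an AES-128-GCM key derived from that secret. The HKDF labels and the per-subscription auth secret follow RFC 8291 and are assumptions beyond what this page states; message framing and padding are omitted, and all function names are hypothetical.

```javascript
const { createECDH, hkdfSync, createCipheriv, createDecipheriv, randomBytes } = require('crypto');

// Derive the content-encryption key (CEK) and nonce from one side's ECDH key
// pair and the other side's public key. Both ends compute identical values.
function deriveKeys(ownEcdh, peerPublic, authSecret, uaPublic, asPublic, salt) {
  const shared = ownEcdh.computeSecret(peerPublic);
  const keyInfo = Buffer.concat([Buffer.from('WebPush: info\0'), uaPublic, asPublic]);
  const ikm = Buffer.from(hkdfSync('sha256', shared, authSecret, keyInfo, 32));
  const cek = Buffer.from(hkdfSync('sha256', ikm, salt, Buffer.from('Content-Encoding: aes128gcm\0'), 16));
  const nonce = Buffer.from(hkdfSync('sha256', ikm, salt, Buffer.from('Content-Encoding: nonce\0'), 12));
  return { cek, nonce };
}

// Server side: a fresh key pair and salt per message; only public values travel.
function encryptPush(plaintext, uaPublic, authSecret) {
  const sender = createECDH('prime256v1');
  const asPublic = sender.generateKeys();
  const salt = randomBytes(16);
  const { cek, nonce } = deriveKeys(sender, uaPublic, authSecret, uaPublic, asPublic, salt);
  const cipher = createCipheriv('aes-128-gcm', cek, nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final(), cipher.getAuthTag()]);
  return { salt, asPublic, body };
}

// Receiver side: returns the plaintext, or null when the key material is wrong.
function decryptPush(msg, receiverEcdh, uaPublic, authSecret) {
  const { cek, nonce } = deriveKeys(receiverEcdh, msg.asPublic, authSecret, uaPublic, msg.asPublic, msg.salt);
  const decipher = createDecipheriv('aes-128-gcm', cek, nonce);
  const split = msg.body.length - 16; // the last 16 bytes are the GCM tag
  decipher.setAuthTag(msg.body.subarray(split));
  try {
    return Buffer.concat([decipher.update(msg.body.subarray(0, split)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM authentication failed
  }
}

// Constructed sample: the browser decrypts; a party holding every transmitted
// value (and even the auth secret) but not the browser's private key does not.
function demo() {
  const browser = createECDH('prime256v1');
  const uaPublic = browser.generateKeys();
  const authSecret = randomBytes(16);
  const msg = encryptPush('Invoice 42 approved', uaPublic, authSecret);
  const other = createECDH('prime256v1');
  other.generateKeys();
  return { browser: decryptPush(msg, browser, uaPublic, authSecret),
           other: decryptPush(msg, other, uaPublic, authSecret) };
}
```

The protection rests on the browser's private key never leaving the device: the server's per-message public key and the salt travel with the ciphertext and are not secret.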


Cross-platform support

One of the best aspects of web push is that it works on desktop, tablet, and mobile devices, all from a standard web application, without the need to build and publish a native or hybrid mobile app.

The downside is that support across browsers and devices varies. The way notifications are displayed and their options differ based on the browser and operating system used. Things are getting better and already in 2020 most browsers on Windows offer a very similar experience by leveraging native Windows notification UI and functionality.