Getting “EndpointDisabled” from Amazon SNS

Question

I\'m using Amazon SNS. Notifications work well, but sometimes I get this error:

{
    \"message\": \"Endpoint is disabled\",
    \"code\": \"EndpointDisabled         


        

Answer 1

If you get the error End Point is Disabled, use the code below to enable the endPoint and then Push Notification using Amazon credentials:

*//Enable Device*

var sns = new AmazonSimpleNotificationServiceClient("AwsAccesskeyId", "AwsSecrteAccessKey", RegionEndpoint.USWest1);
Dictionary<string, string> objDictCheckEndpointEnable = new Dictionary<string, string>();
objDictCheckEndpointEnable.Add("Enabled", "False");
sns.SetEndpointAttributes(new SetEndpointAttributesRequest
    {
        Attributes = objDictCheckEndpointEnable,
        EndpointArn = "AwsEndPointArn" //This is Device End Point Arn
    });

*//End*

Answer 2

You can create a new SNS topic such as push-notification-failures and then associate your APNS/APNS_SANDBOX applications' "Delivery Failures" event to it. Subscribe to the event via email (and confirm) and you'll get useful debugging information about failures. This can all be accomplished through the SNS console and doesn't require API calls to perform.

It is probably worth it to subscribe an HTTP endpoint to this SNS topic and record all delivery failures so you have historical data to work from and debug production issues.

For example a delivery FailureMessage of "Platform token associated with the endpoint is not valid" means that you're sending a message from APNS_SANDBOX to an APNS registered device or vice versa. This can mean that you have the wrong APNS settings for your build system. (We have a frustrating problem of developer built binaries using APNS_SANDBOX vs. TestFlight built binaries using APNS for local testing and QA which is what led me down this path.)

Answer 3

There are few reasons why an end point can be disabled. I didn't see it documented anywhere (might have missed it), here's what I got from support:

• You push to an endpoint but the token is invalid/expired. Tokens become invalid if:

• It belongs to an app that is no more installed on the device.

• If device has been restored from backup. This renders token invalid and your app should request a new token and update SNS endpoint token accordingly.

• App has been re-installed on the same device. In case of Android, the app is assigned a new token. This happens as well with APNs but more often with Android.

• In case of APNs, a wrong provisioning profile is selected in xCode. In this case notifications fail and device becomes disabled later after APNs feedback.

• If mistakenly use a token for IOS development to IOS production app and vice versa.

• If Apple for any reason invalidates your IOS push cert or someone revokes the push cert from itunes connect portal. This takes a few hours before device gets disabled.

• Same with GCM if you update API key from Google developer console without updating the Platform application credentials in SNS.

• You push to an APNs device endpoint but application has been disabled due to expired push certificate.

• You push to GCM device endpoint however API key has been updated in Google developer console but not the SNS platform application credentials accordingly.

For Details, I recommend this excellent article which solves my problem

Answer 4

According to http://docs.aws.amazon.com/sns/latest/APIReference/API_Publish.html that means that the endpoint is disabled.

From http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/sns/model/SetEndpointAttributesRequest.html:

Enabled -- flag that enables/disables delivery to the endpoint. Message Processor will set this to false when a notification service indicates to SNS that the endpoint is invalid. Users can set it back to true, typically after updating Token.

"notification service" in this case is referring to Google's GCM, Apples APNS or Amazon's ADM.

Answer 5

Quick checklist before taking drastic measures:

1. Generate the Certificate Signing Request (CSR) using Keychain App.
2. Export the APNS certificate and its private key into a single p12 file using Keychain App.
3. When you create a new application in Amazon SNS, the platform must match the APNS environment (Development/Production on both sides).
4. When you request a device token, you must be in the right application (the application's bundle identifier matches the APNS certificate).
5. When you create a new platform endpoint in AWS SNS, the device token must be added to the right application (the good application certificate and the good Development/Production platform).

---

In my case I generated the CSR using a third party SSL tool. I obtained a valid certificate from Apple developer portal but without the private key. Then I tried Windows' certificate tool to export without great success. Waste of time. Start your Mac.

Then I used the AmazonMobilePush sample app to get a device token. Because the demo's bundle identifier doesn't match my certificate, the endpoint was invalid. At each SNS sending the endpoint became disabled (false). At the end the cause was obvious, but I still lose precious time.

Answer 6

For me, I was getting the "Platform token associated with the endpoint is not valid" because my SNS Platform Application Endpoints were not set up correctly. Specifically, the SNS console was not reading the credentials correctly from my .p12 file even though it contained the correct cert and private key. The solution, based on this post, was to create a second .p12 file that contained the cert and no key. I loaded the credentials from the first .p12 file, and then loaded the credentials second .p12 file. I could see the cert string change when I did so, and afterward I had no problems.

If you are creating a production endpoint, SNS will warn you about mismatched certs, but it does no such checking for development endpoints. The only way you will know that the endpoint is borked is when you get the platform token error.

I sure hope this helps somebody out there, as it drove me to distraction.