#web-push #http-ece #vapid


Web push notification client with support for http-ece encryption and VAPID authentication

14 unstable releases (5 breaking)

✓ Uses Rust 2018 edition

0.6.0-alpha.2 Sep 8, 2019
0.5.0 Jun 10, 2019
0.4.1 Oct 29, 2018
0.4.0 Jun 2, 2018
0.1.1 Jun 15, 2017
Download history 1/week @ 2019-05-26 28/week @ 2019-06-02 53/week @ 2019-06-09 37/week @ 2019-06-16 127/week @ 2019-06-23 81/week @ 2019-06-30 62/week @ 2019-07-07 14/week @ 2019-07-14 4/week @ 2019-07-21 20/week @ 2019-07-28 19/week @ 2019-08-04 17/week @ 2019-08-11 8/week @ 2019-08-18 27/week @ 2019-08-25 27/week @ 2019-09-01

163 downloads per month
Used in 1 crate


1.5K SLoC

Rust Web Push

Travis Build Status crates.io

Web push notification sender.

Alpha status

The current master and alpha versions use std::future with async/await syntax, and requires a nightly compiler. 0.5 works with stable and futures 0.1.

Bugfixes for the stable release should go against the v0.5 branch.


To send a web push from command line, first subscribe to receive push notifications with your browser and store the subscription info into a json file. It should have the following content:

  "endpoint": "https://updates.push.services.mozilla.com/wpush/v1/TOKEN",
  "keys": {
    "auth": "####secret####",
    "p256dh": "####public_key####"

Google has good instructions for building a frontend to receive notifications.

Store the subscription info to examples/test.json and send a notification with cargo run --example simple_send -- -f examples/test.json -p "It works!". If using Google Chrome, you need to register yourself into Firebase and provide a GCM API Key with parameter -k GCM_API_KEY.


To see it used in a real project, take a look to the XORC Notifications, which is a full-fledged consumer for sending push notifications.


VAPID authentication prevents unknown sources sending notifications to the client and allows sending notifications to Chrome without signing in to Firebase and providing a GCM API key.

The private key to be used by the server can be generated with OpenSSL:

openssl ecparam -genkey -name prime256v1 -out private_key.pem

To derive a public key from the just-generated private key, to be used in the JavaScript client:

openssl ec -in private_key.pem -pubout -outform DER|tail -c 65|base64|tr '/+' '_-'|tr -d '\n'

The signature is created with VapidSignatureBuilder. It automatically adds the required claims aud and exp. Adding these claims to the builder manually will override the default values.


Currently implements HTTP-ECE Draft-3 content encryption for notification payloads. The client requires Tokio for asynchronious requests. The modular design allows an easy extension for the upcoming aes128gcm when the browsers are getting support for it.

Tested with Google's and Mozilla's push notification services.


~349K SLoC