Push API (Web)
The Push API is a W3C web standard that lets a browser receive messages pushed from a server even when the corresponding web page is not open, by delivering them to a service worker registered for that origin.
Definition
The Push API is a W3C web standard that lets a browser receive messages pushed from a server even when the corresponding web page is not open, by delivering them to a service worker registered for that origin.
Overview
Before the Push API, web applications had no reliable way to notify users of new information unless the page was actively open and polling a server. The Push API closes that gap by giving browsers a persistent subscription channel to a push service, so a server can wake a service worker and deliver a message at any time, including while the browser is in the background or closed on some platforms. Using the Push API requires a site to register a service worker, then call `pushManager.subscribe()` on that worker's registration, typically supplying a VAPID (Voluntary Application Server Identification) public key. The browser returns a subscription object containing an endpoint URL unique to the push service (run by the browser vendor, such as Google's FCM or Mozilla's autopush) and encryption keys. The application server stores this subscription and later sends an encrypted payload to the endpoint using the Web Push protocol; the push service relays it to the browser, which wakes the service worker's `push` event handler. The Push API is almost always paired with the Notifications API: the service worker receives the push event and calls `showNotification()` to surface a system-level notification, since browsers require that a push event result in a visible notification (to prevent silent background tracking). Payloads must be encrypted end-to-end per the Web Push protocol (RFC 8291), so the push service itself cannot read message content. Support varies by platform: it works well on Chrome, Firefox, and Edge across desktop and Android, and Safari added support on macOS and, more recently, iOS home-screen web apps, though with platform-specific quirks around permission prompts and background execution limits.
Specification
- Delivers messages to a service worker even when the site is not open
- Requires HTTPS and an active service worker registration
- Works with the Notifications API to surface visible system notifications
- Uses VAPID keys to authenticate the application server to the push service
- Payloads are end-to-end encrypted per the Web Push protocol (RFC 8291)
- Subscription endpoints are unique per browser vendor's push service
- Requires explicit user permission before subscribing
- Distinct from but often confused with the Notifications API
Use Cases
Alternatives
History
The Push API is a W3C specification that lets a web application receive messages pushed from a server even when the app is not in the foreground — or not open at all — enabling timely, opt-in notifications and background updates. It works hand in hand with service workers: a page registers a service worker, subscribes via PushManager.subscribe(), and the browser's push service delivers messages that wake the service worker to update state or display a notification (typically through the companion Notifications API). Developed primarily through collaboration between Mozilla and Google, the Push API brought a capability previously exclusive to native mobile apps to the open web, and it is a key building block of Progressive Web Apps.
Sources
- W3C — Push API specification · as of 2026-07-17
- MDN Web Docs — Push API · as of 2026-07-17