Today, I built the push notification engine for my Serverless AI Financial Agent. The goal was simple: if a user spends >100 EUR in a day, hit their iPhone with an alert and update their Home Screen widget. Getting AWS Lambda to talk to APNs (Apple Push Notification service) requires authorization. The Mistake You Are Probably Making: Generating a .pem certificate in the Apple Developer Portal. These expire every year, requiring manual intervention, and they force you to manage separate certs for Sandbox and Prod. The Architecture Fix: Use Token-Based Authentication (.p8). Generate a .p8 Auth Key in the Apple Developer portal. It is Team-Scoped and never expires. Go to AWS SNS -> Push notifications. Create a Platform Application (Apple iOS/VoIP/Mac). Choose Token for authentication (not Certificate). Paste your Key ID, Team ID, Bundle ID, and the .p8 file. Now, your AWS Lambda doesn't need to struggle with APNs connections. It just fires an event: Lambda just publishes to SNS. SNS handles Apple.…