PushWave Overview (Alpha)

Status: Early alpha. The SaaS dashboard and public API are not open yet.

PushWave is an Expo‑first push notification platform. The client SDK collects Expo push tokens and prepares native attestation (Play Integrity / DeviceCheck). The cloud (coming soon) will store tokens, validate attestation, and send notifications without you wiring a backend.

Why PushWave

Expo-first: Config plugin, no manual Gradle/Pod edits; works with EAS and Dev Clients.
No backend to build: Token storage, targeting, scheduling, and sending handled by PushWave cloud.
Native attestation: Play Integrity (Android) and DeviceCheck (iOS) to reduce spoofed tokens/leaked keys.
Minimal setup: One PushWaveClient.init({ apiKey }) call at startup; richer logs in __DEV__.
Dashboard-first (roadmap): Audiences, templates, one-off or recurring pushes without touching Firebase/APNs directly.

What PushWave will handle

Client SDK: Collects the Expo push token, performs attestation, and sends token + attestation to PushWave.
PushWave cloud (roadmap): Stores tokens, validates attestation, enforces project secret, and sends notifications.
Sending: Dashboard or API to target audiences and send.

What customers provide

Android (Play Integrity)
- packageName
- SHA-256 signing cert fingerprints (all: Play App Signing + upload/rotation)
- The app must call Play Integrity with the PushWave cloud project number (SDK will handle once configured).
iOS (DeviceCheck)
- teamId, keyId, bundleId
- .p8 private key (sent once, stored encrypted)
PushWave keys
- Public project API key
- Private project secret (header)

Current limitations

Dashboard and public API: not available yet.
Attestation: being wired end-to-end; treat as non-blocking until GA.
Expo Go is not supported once native code is involved—use EAS builds or Dev Clients.
You still upload FCM credentials to Expo (standard requirement for Android push).

Quick FAQ

Do I need a Google API key? No. Play Integrity decode uses PushWave’s service account + OAuth.
Is attestation enforced today? Not yet. It’s wired in the SDK; backend enforcement comes with the SaaS.
Expo Go support? No—use EAS/Dev Client (native code required).
What do you store for iOS? .p8 is stored encrypted; teamId/keyId/bundleId in clear.

Roadmap (short)

Open dashboard for targeting, templates, scheduling (one-off + cron-like).
Enforce Play Integrity / DeviceCheck on the backend.
Full guides: Play Store setup (Integrity API, tracks), iOS DeviceCheck setup.
Public API for sending and audience management.

Contact / Links

GitHub SDK: https://github.com/luruk-hai/pushwave-client
NPM SDK: https://www.npmjs.com/package/pushwave-client
Status: Alpha; reach out for early access.

Why PushWave​

What PushWave will handle​

What customers provide​

Current limitations​

Quick FAQ​

Roadmap (short)​

Contact / Links​