Incoming Messages

Your Messaging Service Provider (MSP) platform can receive an incoming message sent by a user through Apple Messages for Business, by implementing the /message endpoint. In the implementation, you can setup your MSP platform to validate the message (see Validating a Message) and deliver it to the business identified by the destinationId field (see Routing and Prioritizing Messages).

Request

POST https://msp.example.com/message

Parameters

The request body is a JSON dictionary that, in addition to the HTTP Body parameters, contains the following fields:

Name	Description
body	REQUIRED. The message text. This field is required when the type is text. There is no predetermined maximum for this field, but there may be a maximum size for the payload. This field supports the Basic Multilingual Plane of unicode. For more information, see TextMessage.
interactiveData	A dictionary representing the properties of an interactive message. For more information, see BaseInteractiveData dictionary for more information.
interactiveDataRef	A dictionary containing a reference to the interactive data dictionary. Apple Messages for Business includes this field, instead of interactiveData, when the interactive data dictionary is larger than 10 KB. For more information, see Receiving an Interactive Message.

Message Type Values

When a user sends a text message to a business, the Messaging service receives and forwards the message to the MSP platform by calling the MSPs platform /message endpoint. The message type is set to text.

The MSP platform validates the incoming message as described in Validating a Message. The /message endpoint then returns the appropriate response code to Apple Messages for Business. For a list of possible codes, see the Response Codes section in Common Specifications.

The possible string values for the message type field are:

Name	Description
text	REQUIRED. Indicates that this is a text message, with or without attachments.
interactive	REQUIRED. Indicates that this is an interactive message. This could be a list picker, time picker, or any other interactive message. For more information, see Interactive Message Types
typing_start	REQUIRED. Indicates that the user is actively entering text in Messages.
typing_end	REQUIRED. Indicates that the user cleared the text they were entering.
close	REQUIRED. Indicates that the user closed the chat. Only a user can close a chat. The MSP platform should not send a message with the type set to close. For more information, see Receiving Closed Conversation Messages.

Sample Message Received

This is a user communication sent from the Apple Messages for Business service to an MSP platform.

Request

Authorization: Bearer eyJhbGciOiJIUzI1NiJ9. <truncated>
Content-Length: 300
Destination-Id: a884eddf-<truncated>
Content-Encoding: gzip
Capability-List: AUTH,LIST,TIME,QUICK
X-Http2-Scheme: https
Host: http://msp.messagesforbusinessendpoint.com:443
Source-Id: urn:mbid:AQAAYyUbut6E4B3T9FLv5EbG/ <truncated>
Content-Type: application/json
Id: 27167455-1f53-4ddc-a797-318ad85cb28e
{
    "body": "Hi",
    "sourceId": "urn:mbid:AQAAYyUbut6E4B3T9FLv5EbG/ <truncated>",
    "locale": "en_US",
    "destinationId": "a884eddf-<truncated>",
    "v": 1,
    "type": "text",
    "id": "27167455-1f53-4ddc-a797-318ad85cb28e"
}

Response

HTTP/1.1 200 OK
Date: Fri, 05 Apr 2019 20:43:49 GMT
Server: Apache/2.4.7 (Ubuntu)
Content-Length: 0
Content-Type: text/html; charset=utf-8

Validating a Message

When the MSP platform receives a message, you must use the MSP platform secret to validate the message by performing the following checks:

• Verify that the destination-id field in the HTTP request header matches a valid business ID. If the MSP platform is multitenant, verify that the business exists within the MSP platform system and can accept incoming messages from Apple Messages for Business.
• Validate the Authorization header field using the MSP platform secret. For more information, see Authorizing Messages.
• Check for required HTTP request header fields. For more information, see the HTTP Headers section in Common Specifications.
• Verify that the HTTP body is a valid GZIP formatted object and reverse the compression ("gunzip") to reveal the JSON payload.
• Verify that the resulting text resolves to a valid JSON data payload.

Routing and Prioritising Messages

Each incoming message includes a list of fields useful for routing and prioritizing messages. When the MSP platform sends a message to Apple Messages for Business that includes any of these fields, Apple Messages for Business returns the fields in the user’s reply:

Name	Type	Description
body	string	A text field that prepopulates the message body. It can be overwritten and changed by the user.
capability-list	string	A string list that identifies Apple Messages for Business features supported by the customer’s device. The list items are case insensitive and separated by commas. When a customer sends a message, the MSP platform can obtain the customer device capabilities to compose an appropriate response for that device. Possible values are: - QUICK for Quick Reply Message support - LIST for List Picker Messsage support - TIME for Time Picker Messsage support - AUTH for Authenticate Message support - AUTH2 for New Authentication Message Message support - FORM for Forms Message support
destinationId	string	The identifier for the message recipient. When the MSP platform receives a message from Apple Messages for Business, the value is the business ID. When the MSP platform sends a reply to Apple Messages for Business, the value is the user’s opaque ID.
group	string	The group identifier for the message as specified by the business, such as the department name. For more information, see About Intent, Group, and Body Values. This field is optional.
intent	string	The intention, or purpose, of the chat as specified by the business, such as account_question. For more information, see About Intent, Group, and Body Values. This field is optional.
locale	string	The user's device locale settings. For example, en_AU specifies the language as English and the region as Australia.
sourceId	string	The identifier for the message sender. When the MSP platform receives a message from Apple Messages for Business, the value is the user’s opaque ID. When the MSP platform sends a reply to Apple Messages for Business, the value is the business ID.
capabilities	string	(Deprecated March 2022) A string list that identifies Apple Messages for Business features supported by the user’s device. The list items are case insensitive and separated by commas. When a user sends a message, the MSP platform can obtain the user device capabilities to compose an appropriate response message for that device. Possible value is auth for authenticate message support.

Receiving a Closed Conversation

Users can opt out of receiving any further messages from a brand. This is also known as closing a conversation.

A user closes a conversation by going to the tray view in Messages and left swipe a conversation. This action reveals two buttons: a mute icon and a delete icon. The user clicks the delete icon, agrees to delete the conversation, and confirms that they would you like to stop receiving messages from the business. This action sends a “close” message for an Apple Messages for Business conversation. Apple refers to this action as “delete” on the user's device, and the MSP and brand receive a “close” conversation from the standpoint of the brand and MSP.

Note that when the user deletes the conversation and does not ask to stop receiving messages from the business, no “close” message is sent to the MSP.

When a user closes a conversation, Apple Messages for Business sends a message of type close to your MSP platform, and your platform must block any agent, virtual or live, to send any further messages to this user. If you try to send a message to this user, Apple Messages for Business sends an HTTP 410 | Gone response. We require MSPs to keep a table of closed conversations and prevent brands from sending messages to users who have opted out.

The user can re-initiate the conversation. They can resume the conversation from any valid entry-point for the brand. When they do, they will return with the same opaque user ID as before.

If the user chooses to stop receiving messages, Apple Messages for Business considers the conversation closed and sends a message of type close to the MSP platform.

{
    "id": "UUID-IDENTIFIER-FOR-MESSAGE",
    "sourceId": "OPAQUE-USER-ID",
    "destinationId": "BUSINESS-ID",
    "type": "close",
    "v": 1
}

Message Attachments

You can send and receive message attachments when conversing with users.

Receiving a Text Message with an Attachment

An incoming text message may include one or more attachments. The MSP platform should process the message as described in TextMessage, but with the additional step of downloading the attachments. If the attachment size is larger than 10 KB, see Receiving an Interactive Message.

Any file type that can be sent as a binary can be sent by Apple Messages for Business. Binary files are considered successfully sent and viewable if the end device has the Messages app installed and can use the file.

Check the Incoming Message for Attachments

Always check for and download attachments after returning a response code to Apple Messages for Business. Check for attachments by inspecting the attachments array, which contains a list of Attachment dictionary objects, such as the url, signature-hex (hex-encoded signature), owner, and key. (A library converts the hex-encoded signature into a Base64-encoded signature.) Download each attachment by doing the following:

1. Retrieve the URL by obtaining the URL, Base64-encoded signature, owner keys from the initial attachment receipt, and use a GET request to the /preDownload endpoint (see Getting an Attachment's URL).
2. Download the attachment by sending a GET download-url request to the attachment URL.
3. Use the key to decrypt the downloaded file (see Downloading and Decrypting an Attachment).

Repeat the steps in the loop for each attachment listed in the attachments array, as shown in the diagram below.

Getting an Attachment’s URL

To retrieve an attachment's URL, use the information contained in the Attachment dictionary to call the /preDownload endpoint. The endpoint returns a temporary URL that you call to download an encrypted file containing the attachment.

URL

GET https://mspgw.push.apple.com/v1/preDownload

HTTP Headers

For more information, see the HTTP Headers in Common Specifications.

Response Codes

You can find the full list of Response Codes in Common Specifications.

Code	Description
200	OK The request was successful. Content-Type: application/json, see preDownloadResponseBody.

Response

The response body is a JSON dictionary that contains the following key.

Key	Description
download-url	The URL to the file. Make a GET request to this URL to download the attachment.

Example of a Received Message with Attachments

The following code example contains two attachments. When there is more than one attachment, they are displayed within an array.

Request

{
    "body": "\ufffc\ufffc",
    "attachments": [{
            "mimeType": "image/png",
            "name": "IMG_2103.PNG",
            "url": "https://p50-content.icloud.com/<truncated>",
            "mime-type": "image/png",
            "owner": "Murn%3Ambid%3A33c32473476ca07d893.<truncated>",
            "key": "00A155FD83F85B008957DEB918 <truncated>",
            "signature": "81C16E7AE89C5F98F1B <truncated>",
            "size": 205883
        },
        {
            "mimeType": "image/png",
            "name": "IMG_2065.PNG",
            "url": "https://p46-content.icloud.com/<truncated>",
            "mime-type": "image/png",
            "owner": "Murn%3Ambid%3A33c32473476ca07d89 <truncated>",
            "key": "00183E442B6779E08E0425543C <truncated>",
            "signature": "814C28F63E13501B71876 <truncated>",
            "size": 233488
        }
    ],
    "sourceId": "urn:mbid:AQAAYyUbut6E4B3T9FLv5EbG <truncated>",
    "locale": "en_US",
    "destinationId": "a884eddf-<truncated>",
    "v": 1,
    "type": "text",
    "id": "b07c4587-<truncated>"
}

Response

HTTP/1.1 200 OK
content-type: application/json
{
  "content-length": "291",
  "content-encoding": "gzip",
  "strict-transport-security": "max-age=31536000",
  "cache-control": "no-cache, no-store",
  "x-frame-options": "DENY",
  "content-type": "application/json"
}
{
  "download-url":"https://cvws.icloud-content.com/M/<truncated>"
}

Example of GET /preDownload

Request

GET   https://mspgw.push.apple.com/v1/preDownload HTTP/1.1
predownload_headers = {        
        "authorization": "Bearer %s" % get_jwt_token(),
        "source-id": BIZ_ID,
        "url": mmcs_url,
        "signature": base64_encoded_signature,
        "owner": mmcs_owner
    }
{empty body}

Response

HTTP/1.1 200 OK
content-type: application/json
{
  "download-url": "https://content.example.com/file-id"
}

Downloading and Decrypting an Attachment

Before sending an attachment to the business, the MSP platform needs to download it using an HTTP request, then decrypt it using a cypher library. After decrypting the attachment, the MSP platform can forward the message to the business.

When using Server Name Indication (SNI) (RFC 6066), upload the request in a secured TLS connection to the returned download URL. The TLS client should set the TLS server hostname from the extracted hostname for the download URL.

First, download the attached file by sending a GET request to the URL returned by /preDownload. This request returns an encrypted file.

Then, using a cypher library, decrypt the file by using the AES/CTR/NoPadding algorithm with an all-zero, 16-byte initialization vector (IV) with the key value in the Attachment dictionary for the downloaded attachment.

Finally, forward the message with the decrypted attachment to the business.

preDownloadResponseBody

Response body should be empty.

Declaration

object preDownloadResponseBody

Tutorial Exercise

For more help or guidance, see our Tutorial: Sending and Receiving Messages.