I've checked through other questions and responses here at StackOverflow but couldn't see something exactly like this; I would like to be able to push a token via APNS. The purpose of this is to verify that a subsequent user request to a restful web service comes from an iPhone device and not from a non-iPhone source (it's trivial to change HTTP headers to fake looking like an iPhone request).

Couple of questions:

1. Is it permissible under Apple Guidelines to insist that push notifications be enabled ?
2. Is it possible to send a SILENT push notification carrying some small text payload?
3. Does anyone know if this would pass Apple's scrutiny or run afoul of their guidelines

Many thanks.

1. You cannot force user to accept push. A user always has option to refuse.
2. Yes you can send a notification with no sound / text, and add metadata.
3. Yes, sending a token seems an acceptable use for Apple.

However, I do not personally think this use case does cleverly fit the push use case at all. You will have to many edge case to make it reliable enough (delivery delay and non garantee of delivery, etc)

It is easier to have other mechanisms in place (like secret + signature in the URL by the app).

I see that folks are still looking at this question. FYI, for enterprise dev which is the area I mostly work in, you simply register the iOS app as a VOIP app and it will accept silent notifications without a need for the user to approve.