We do not offer any device token migration because its unnecessary. Once your clients connect with the appropriate App ID the token will be uploaded and you'll be all set.
You can upload the APNS credentials across apps and a given device token can appear across them. This works because there are multiple levels of peering involved:
- The device token is bound to your app's bundle identifier and the certificate issued by Apple.
- The APNS certificate is uploaded by you into the dashboard, forming a link between your Layer App ID and the APNS certificate.
- The device token is uploaded via the SDK each time you connect, linking the device token to the App ID and by extension your APNS certificate.
Whenever a message is sent that needs an associated push, we look up all participants and then fan out push notifications to all device tokens associated with them. The first time we are delivering to a device token we do not know which APNS certificate it is associated with (as you may have multiple uploaded), so we do an A/B test to determine which certificate "owns" the device token. Once we find a match we can directly push to that device using the credentials.
This is secure because all of the pieces of information need to match for the push to be received successfully. We can't push to a device without the certificate, device token, and an appropriately signed build on the device.
We don't enforce any sort of uniqueness across accounts so if you upload the credentials and token to multiple accounts / apps you'll just be able to use those associated App ID's with any appropriately signed build.