Multitenant web-push delivery for Dreams Engine news sites — WordPress, Next.js, or legacy. Subscriptions, per-tenant VAPID, idempotent publish, and delivery stats behind a single HTTP API.
One deployment serves every property. Tenant-scoped data, per-tenant VAPID identity and origins.
Any frontend integrates over HTTP — no per-CMS plugin required. WordPress/HE, Next.js, or legacy.
HMAC-signed webhook with a required Idempotency-Key. CMS retries never double-send.
Dead endpoints (410 Gone) are pruned automatically, so subscriber lists stay clean.
Subscribers by category, sent / failed / pruned counts, and click-through rate per tenant.
Per-tenant VAPID private keys and publish secrets are envelope-encrypted at rest.
The service generates a VAPID keypair and a publish secret. The property gets a public key and an API secret (shown once).
The property frontend asks permission on intent, then POSTs the browser PushSubscription to the service.
On publish, the CMS sends an HMAC-signed webhook with the article. The service enqueues a delivery.
The service signs with the tenant's VAPID key, delivers to every matching subscriber, prunes dead endpoints, and records stats.
curl -X POST https://push.dreamsengine.io/v1/cobertura/publish \
-H "Idempotency-Key: $POST_GUID" \
-H "X-DPE-Signature: $(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $2}')" \
-H "Content-Type: application/json" \
-d "$BODY"
# -> 202 { "delivery_id": "..." }