The Unified Push Server has HTTP interface which receives messages.

This HTTP interface needs to be prototected, so that only authorized developers can send messages to that http-endpoint.

Besides simple "auth" (e.g. basic/oauth or similar), we also talked about client access keys.

Each server application, allowed to SEND messages to the UnifiedPush-Server, will need such a key.