
Getting EndpointDisabled from Amazon SNS


Introduction

EndpointDisabled in Amazon SNS usually appears when you publish to a mobile push endpoint that SNS has marked as disabled. In practice, that often means the device token is invalid, stale, or associated with an app installation that no longer exists on the device.

What EndpointDisabled Usually Means

For mobile push, SNS manages platform endpoints that represent device tokens for APNs, FCM, and similar services. If the underlying push provider reports that the token is no longer valid, SNS can disable the endpoint.

Common reasons include:

  • the app was uninstalled
  • the device token changed
  • the stored token is outdated
  • the endpoint was disabled after repeated delivery failures

So the real problem is usually token freshness, not the SNS topic itself.

Detect the Problem by Reading the Exception

When publishing with an invalid or disabled endpoint, the AWS SDK typically returns an error you can catch.

```python
import boto3
from botocore.exceptions import ClientError

sns = boto3.client('sns')

try:
    sns.publish(
        TargetArn='arn:aws:sns:us-east-1:123456789012:endpoint/APNS/myapp/abc123',
        Message='hello'
    )
except ClientError as exc:
    # The error code (for example EndpointDisabled) and its message
    print(exc.response['Error']['Code'])
    print(exc.response['Error']['Message'])
```

If the code is EndpointDisabled, treat that as a signal to inspect and refresh the endpoint rather than simply retrying the same publish forever.

Check the Endpoint Attributes

A good next step is to query the endpoint and inspect its current state.

```python
attrs = sns.get_endpoint_attributes(
    EndpointArn='arn:aws:sns:us-east-1:123456789012:endpoint/APNS/myapp/abc123'
)

print(attrs['Attributes'])
```

The attributes commonly include values such as:

  • 'Token'
  • 'Enabled'
  • 'CustomUserData'

If Enabled is false, SNS has already disabled that endpoint.

Do Not Blindly Re-Enable Without a Fresh Token

A common mistake is to immediately set Enabled=true and keep the old token.

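```python
# endpoint_arn is the ARN of the disabled endpoint inspected above.
# This flips the flag but leaves the old token in place.
sns.set_endpoint_attributes(
    EndpointArn=endpoint_arn,
    Attributes={
        'Enabled': 'true'
    }
)
```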

That may temporarily change the flag, but if the token is still invalid, the endpoint can just fail again.

The safer pattern is:

  1. get the current device token from the mobile app
  2. compare it with the SNS endpoint token
  3. update the endpoint if the token changed
  4. re-enable the endpoint only once the token is current

Update the Token and Re-Enable

```python
# new_device_token is the token the mobile app most recently reported.
sns.set_endpoint_attributes(
    EndpointArn=endpoint_arn,
    Attributes={
        'Token': new_device_token,
        'Enabled': 'true'
    }
)
```

This is the usual repair step when the application has a newer token from the device.

If the user has reinstalled the app or the push platform rotated the token, this is often the real fix.

The Registration Flow Matters

A healthy mobile-push system does not treat tokens as permanent. The app should send the current token to your backend whenever the platform reports a refresh or whenever the app starts up and the token might have changed.

That backend should then:

  • create the platform endpoint if needed
  • store the endpoint ARN
  • update the token when it changes
  • stop sending to stale endpoints instead of retrying them forever

That is how you reduce the frequency of EndpointDisabled in the first place.

Create Endpoints Idempotently

A common operational pattern is to call CreatePlatformEndpoint when the app registers for push and then store the resulting ARN. In later runs, you can fetch the endpoint attributes and update them if the device token changed.

The important point is to treat the endpoint as a long-lived SNS object whose token still needs periodic maintenance.
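
The repair steps and the registration flow above can be folded into one idempotent routine that the backend runs every time the app reports its token. This is an added example, not code from the original article: `sync_endpoint`, `FakeSNS` and the sample ARNs are hypothetical, and `FakeSNS` is a constructed in-memory stand-in so the logic runs offline (a boto3 SNS client offers the same three calls and `client.exceptions.NotFoundException`).

```python
class FakeSNS:
    """Constructed in-memory stand-in for a boto3 SNS client (offline demo)."""

    class exceptions:
        class NotFoundException(Exception):
            pass

    def __init__(self):
        self.endpoints = {}  # EndpointArn -> attribute dict

    def create_platform_endpoint(self, PlatformApplicationArn, Token):
        # Real ARNs end in a UUID; the token is used here to stay deterministic.
        arn = PlatformApplicationArn.replace(":app/", ":endpoint/") + "/" + Token
        self.endpoints.setdefault(arn, {"Token": Token, "Enabled": "true"})
        return {"EndpointArn": arn}

    def get_endpoint_attributes(self, EndpointArn):
        if EndpointArn not in self.endpoints:
            raise self.exceptions.NotFoundException(EndpointArn)
        return {"Attributes": dict(self.endpoints[EndpointArn])}

    def set_endpoint_attributes(self, EndpointArn, Attributes):
        self.endpoints[EndpointArn].update(Attributes)


def sync_endpoint(sns, app_arn, device_token, stored_arn=None):
    """Make SNS agree with the token the app just reported.

    Returns (endpoint_arn, action); persist endpoint_arn for the device.
    """
    def create():
        resp = sns.create_platform_endpoint(
            PlatformApplicationArn=app_arn, Token=device_token)
        return resp["EndpointArn"]

    if stored_arn is None:
        return create(), "created"
    try:
        attrs = sns.get_endpoint_attributes(EndpointArn=stored_arn)["Attributes"]
    except sns.exceptions.NotFoundException:
        return create(), "recreated"  # endpoint was deleted: start over
    enabled = attrs.get("Enabled", "").lower() == "true"
    if attrs.get("Token") == device_token and enabled:
        return stored_arn, "unchanged"  # nothing to repair, no write issued
    # Token changed or SNS disabled the endpoint: send the fresh token
    # together with Enabled=true, never Enabled on its own.
    sns.set_endpoint_attributes(
        EndpointArn=stored_arn,
        Attributes={"Token": device_token, "Enabled": "true"})
    return stored_arn, "updated"
```

Because the token passed in comes straight from the device, re-enabling a disabled endpoint here never resurrects a stale token.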

Clean Up Old Endpoints

If an endpoint is permanently invalid and you no longer expect the device to recover, deleting or replacing it may be the cleanest option.

Leaving large numbers of dead endpoints around can complicate operational visibility and make publish failures noisier than they need to be.

In practice, teams often keep a mapping of user or device identity to current endpoint ARN and refresh that mapping whenever the mobile app sends an updated token.
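
On the publish side, the same mapping lets the backend treat EndpointDisabled as a permanent result and stop sending until registration supplies a fresh token. This is an added example, not code from the original article: `fan_out`, the registry layout and `FakePublisher` (a constructed offline stand-in for a boto3 SNS client) are hypothetical.

```python
class FakePublisher:
    """Constructed stand-in for a boto3 SNS client; ARNs in `disabled` fail."""

    class exceptions:
        class EndpointDisabledException(Exception):
            pass

    def __init__(self, disabled):
        self.disabled = set(disabled)
        self.calls = []  # every TargetArn a publish was attempted for

    def publish(self, TargetArn, Message):
        self.calls.append(TargetArn)
        if TargetArn in self.disabled:
            raise self.exceptions.EndpointDisabledException(TargetArn)
        return {"MessageId": "constructed-id"}


def fan_out(sns, registry, message):
    """Publish to every live device in `registry`.

    `registry` maps device_id -> {"arn": str, "stale": bool} (hypothetical
    layout). Returns the device ids that now need a fresh token; their
    records are marked stale so later calls skip them.
    """
    needs_refresh = []
    for device_id, record in registry.items():
        if record["stale"]:
            continue  # known dead endpoint: do not publish again
        try:
            sns.publish(TargetArn=record["arn"], Message=message)
        except sns.exceptions.EndpointDisabledException:
            # Not transient: only a new token from the app fixes this,
            # so there is no retry. Other errors propagate to the caller.
            record["stale"] = True
            needs_refresh.append(device_id)
    return needs_refresh
```

The registration path clears the stale flag once it has written the new token to the endpoint.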

Common Pitfalls

One common mistake is treating EndpointDisabled as a transient error and blindly retrying publishes.

Another pitfall is re-enabling the endpoint without updating the token first. If the token is stale, the problem just comes back.

A third issue is not handling token refresh in the mobile app and backend registration flow, which guarantees stale endpoints over time.

Finally, do not assume SNS is inventing the failure arbitrarily. In mobile push systems, a disabled endpoint usually reflects a real invalidation signal from the push platform or from delivery history.

Summary

  • EndpointDisabled usually means the SNS mobile push endpoint has been disabled because the stored token is no longer usable.
  • Inspect the endpoint attributes to confirm whether the endpoint is disabled and what token it currently holds.
  • The proper fix is usually to update the token and then re-enable the endpoint, not to retry publishes blindly.
  • A strong registration flow keeps endpoint ARNs and device tokens in sync over time.
  • Treat stale mobile tokens as a normal operational problem, not as a rare SNS anomaly.
