We are implementing starting an activity via Push-To-Start. For the most part it works great, however we have run into a few edge cases. Currently, we send the "start activity" push notification and it creates the Activity as expected. If the app doesn't send an update token w/in a configured time, we assume the activity didn't start and try to start the activity again. Occasionally we get into a situation where there have been multiple activities started, but it should really only be one. Here is my theory: We store an auth token in the keychain for all REST endpoints if the phone has been restarted and not unlocked, the app doesn't have access to the auth token and fails to send the update token to our backend. Are there any best practices on how to manage PTS and UPDATE tokens? (updating these w/o authentication seems problematic)