diff --git a/front/php/server/db.php b/front/php/server/db.php
index 89d4d906..b25f39fb 100755
--- a/front/php/server/db.php
+++ b/front/php/server/db.php
@@ -1,7 +1,7 @@
 <?php
 //------------------------------------------------------------------------------
 //  NetAlertX
-//  Open Source Network Guard / WIFI & LAN intrusion detector 
+//  Open Source Network Guard / WIFI & LAN intrusion detector
 //
 //  db.php - Front module. Server side. DB common file
 //------------------------------------------------------------------------------
@@ -71,7 +71,7 @@ function SQLite3_connect($trytoreconnect = true, $retryCount = 0) {
         if (!is_dir($lockDir) && !@mkdir($lockDir, 0775, true)) {
             die("Log directory not found and could not be created: $lockDir");
         }
-       
+
 
         // Write unlock status to the locked file
         file_put_contents($DBFILE_LOCKED_FILE, '0');
@@ -97,14 +97,14 @@ function SQLite3_connect($trytoreconnect = true, $retryCount = 0) {
         } else {
             // Maximum retries reached, hide loading spinner and show failure alert
             $message = 'Failed to connect to database after ' . $retryCount . ' retries.';
-            write_notification($message);
+            displayInAppNoti($message);
             return false; // Or handle the failure appropriately
         }
     }
 }
 
 //------------------------------------------------------------------------------
-// ->query override to handle retries 
+// ->query override to handle retries
 //------------------------------------------------------------------------------
 class CustomDatabaseWrapper {
     private $sqlite;
@@ -123,72 +123,72 @@ class CustomDatabaseWrapper {
       // Check if the query is an UPDATE, DELETE, or INSERT
       $queryType = strtoupper(substr(trim($query), 0, strpos(trim($query), ' ')));
       $isModificationQuery = in_array($queryType, ['UPDATE', 'DELETE', 'INSERT']);
-  
+
       $attempts = 0;
         while ($attempts < $this->maxRetries) {
 
           $result = false;
 
           try {
-            $result = $this->sqlite->query($query);   
+            $result = $this->sqlite->query($query);
           } catch (Exception $exception) {
             // continue unless maxRetries reached
             if($attempts > $this->maxRetries)
             {
               throw $exception;
-            }            
-          }                     
+            }
+          }
 
           if ($result !== false and $result !== null) {
 
             $this->query_log_remove($query);
-              
+
             return $result;
           }
 
-          $this->query_log_add($query);          
+          $this->query_log_add($query);
 
           $attempts++;
           usleep($this->retryDelay * 1000 * $attempts); // Retry delay in milliseconds
         }
 
         // If all retries failed, throw an exception or handle the error as needed
-        // Add '0' to indicate that the database is not locked/execution failed 
+        // Add '0' to indicate that the database is not locked/execution failed
         file_put_contents($DBFILE_LOCKED_FILE, '0');
 
-        $message = 'Error executing query (attempts: ' . $attempts . '), query: ' . $query;        
+        $message = 'Error executing query (attempts: ' . $attempts . '), query: ' . $query;
         // write_notification($message);
-        error_log("Query failed after {$this->maxRetries} attempts: " . $this->sqlite->lastErrorMsg());        
+        error_log("Query failed after {$this->maxRetries} attempts: " . $this->sqlite->lastErrorMsg());
         return false;
     }
 
     public function query_log_add($query)
     {
         global $DBFILE_LOCKED_FILE;
-    
+
         // Remove new lines from the query
         $query = str_replace(array("\r", "\n"), ' ', $query);
-    
+
         // Generate a hash of the query
         $queryHash = md5($query);
-    
+
         // Log the query being attempted along with timestamp and query hash
         $executionLog = "1|" . date('Y-m-d H:i:s') . "|$queryHash|$query";
         error_log("Attempting to write '$executionLog' to execution log file after failed query: $query");
         file_put_contents($DBFILE_LOCKED_FILE, $executionLog . PHP_EOL, FILE_APPEND);
         error_log("Execution log file content after failed query attempt: " . file_get_contents($DBFILE_LOCKED_FILE));
     }
-    
+
     public function query_log_remove($query)
     {
         global $DBFILE_LOCKED_FILE;
 
         // Remove new lines from the query
         $query = str_replace(array("\r", "\n"), ' ', $query);
-    
+
         // Generate a hash of the query
         $queryHash = md5($query);
-    
+
         // Remove the entry corresponding to the finished query from the execution log based on query hash
         $executionLogs = file($DBFILE_LOCKED_FILE, FILE_IGNORE_NEW_LINES);
         $executionLogs = array_filter($executionLogs, function($log) use ($queryHash) {
@@ -218,8 +218,8 @@ function OpenDB($DBPath = null) {
     if (strlen($DBFILE) == 0) {
         $message = 'Database not available';
         echo '<script>alert("'.$message.'")</script>';
-        write_notification($message);
-        
+        displayInAppNoti($message);
+
         die('<div style="padding-left:150px">'.$message.'</div>');
     }
 
@@ -228,7 +228,7 @@ function OpenDB($DBPath = null) {
     } catch (Exception $e) {
         $message = "Error connecting to the database";
         echo '<script>alert("'.$message.': '.$e->getMessage().'")</script>';
-        write_notification($message);
+        displayInAppNoti($message);
         die('<div style="padding-left:150px">'.$message.'</div>');
     }
 
diff --git a/front/php/server/util.php b/front/php/server/util.php
index ba62f937..96a4091c 100755
--- a/front/php/server/util.php
+++ b/front/php/server/util.php
@@ -44,67 +44,7 @@ switch ($FUNCTION) {
 }
 
 
-// ----------------------------------------------------------------------------------------
-// 🔺----- API ENDPOINTS SUPERSEDED -----🔺
-// check server/api_server/api_server_start.py for equivalents
-// equivalent: /messaging/in-app/write
-// 🔺----- API ENDPOINTS SUPERSEDED -----🔺
-function displayMessage($message, $logAlert = FALSE, $logConsole = TRUE, $logFile = TRUE, $logEcho = FALSE)
-{
-  global $logFolderPath, $log_file, $timestamp;
 
-  // sanitize
-  $message = str_replace(array("\n", "\r", PHP_EOL), '', $message);
-
-  echo "<script>function escape(html, encode) {
-    return html.replace(!encode ? /&(?!#?\w+;)/g : /&/g, '&amp;')
-      .replace(/\t/g, '')
-  }</script>";
-
-  // Javascript Alert pop-up
-  if($logAlert)
-  {
-    echo '<script>alert(escape("'.$message.'"));</script>';
-  }
-
-  // F12 Browser dev console
-  if($logConsole)
-  {
-    echo '<script>console.log(escape("'.str_replace('"',"'",$message).'"));</script>';
-  }
-
-  //File
-  if($logFile)
-  {
-
-    if (is_writable($logFolderPath.$log_file)) {
-
-
-        if(file_exists($logFolderPath.$log_file) != 1) // file doesn't exist, create one
-        {
-          $log = fopen($logFolderPath.$log_file, "w") or die("Unable to open file!");
-        }else // file exists, append
-        {
-          $log = fopen($logFolderPath.$log_file, "a") or die("Unable to open file - Permissions issue!");
-        }
-
-        fwrite($log, "[".$timestamp. "] " . str_replace('<br>',"\n   ",str_replace('<br/>',"\n   ",$message)).PHP_EOL."" );
-        fclose($log);
-
-    } else {
-        echo 'The file is not writable: '.$logFolderPath.$log_file;
-    }
-
-
-  }
-
-  //echo
-  if($logEcho)
-  {
-    echo $message;
-  }
-
-}
 
 
 // -------------------------------------------------------------------------------------------
@@ -118,12 +58,12 @@ function saveSettings()
 
   if(file_exists( $fullConfPath) != 1)
   {
-    displayMessage('File "'.$fullConfPath.'" not found or missing read permissions. Creating a new <code>'.$config_file.'</code> file.', FALSE, TRUE, TRUE, TRUE);
+    displayInAppNoti('File "'.$fullConfPath.'" not found or missing read permissions. Creating a new config file.', 'warning');
   }
   // create a backup copy
   elseif (!copy($fullConfPath, $new_location))
   {
-    displayMessage("Failed to copy file ".$fullConfPath." to ".$new_location." <br/> Check your permissions to allow read/write access to the /config folder.", FALSE, TRUE, TRUE, TRUE);
+    displayInAppNoti("Failed to copy file ".$fullConfPath." to ".$new_location." Check your permissions to allow read/write access to the /config folder.", 'error');
   }
 
 
@@ -277,5 +217,40 @@ function encode_single_quotes ($val) {
   $result = str_replace ('\'','{s-quote}',$val);
   return $result;
 }
+// -------------------------------------------------------------------------------------------
+// Helper function to send notifications via the backend API endpoint
+// -------------------------------------------------------------------------------------------
+function displayInAppNoti($message, $level = 'error') {
+    try {
+        $apiBase = getSettingValue('BACKEND_API_URL') ?: 'http://localhost:20212';
+        $apiToken = getSettingValue('API_TOKEN') ?: '';
 
+        if (empty($apiToken)) {
+            // If no token available, silently fail (don't break the application)
+            return;
+        }
+
+        $url = rtrim($apiBase, '/') . '/messaging/in-app/write';
+        $payload = json_encode([
+            'message' => $message,
+            'level' => $level
+        ]);
+
+        $ch = curl_init($url);
+        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
+        curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            'Content-Type: application/json',
+            'Authorization: Bearer ' . $apiToken,
+            'Content-Length: ' . strlen($payload)
+        ]);
+        curl_setopt($ch, CURLOPT_TIMEOUT, 5);
+
+        curl_exec($ch);
+        curl_close($ch);
+    } catch (Exception $e) {
+        // Silently fail if notification sending fails
+    }
+}
 ?>
diff --git a/front/plugins/sync/hub.php b/front/plugins/sync/hub.php
index bc09428a..6c97b7fb 100755
--- a/front/plugins/sync/hub.php
+++ b/front/plugins/sync/hub.php
@@ -17,7 +17,7 @@ function checkAuthorization($method) {
     if ($auth_header !== $expected_token) {
         http_response_code(403);
         echo 'Forbidden';
-        write_notification("[Plugin: SYNC] Incoming data: Incorrect API Token (".$method.")", "alert");
+        displayInAppNoti("[Plugin: SYNC] Incoming data: Incorrect API Token (".$method.")", "error");
         exit;
     }
 }
@@ -56,7 +56,7 @@ if ($method === 'GET') {
     // Return JSON response
     jsonResponse(200, $response_data, 'OK');
 
-    write_notification("[Plugin: SYNC] Data sent", "info");
+    displayInAppNoti("[Plugin: SYNC] Data sent", "info");
 
 }
 // receiving data (this is a HUB)
@@ -93,11 +93,11 @@ else if ($method === 'POST') {
     file_put_contents($file_path_new, $data);
     http_response_code(200);
     echo 'Data received and stored successfully';
-    write_notification("[Plugin: SYNC] Data received ({$file_path_new})", "info");
+    displayInAppNoti("[Plugin: SYNC] Data received ({$file_path_new})", "info");
 
 } else {
     http_response_code(405);
     echo 'Method Not Allowed';
-    write_notification("[Plugin: SYNC] Method Not Allowed", "alert");
+    displayInAppNoti("[Plugin: SYNC] Method Not Allowed", "error");
 }
 ?>