GCM API key, registration ids to third party server

Question

How safe to provide GCM API key and GCM registration keys to third party servers (other than internal servers) ? Also, Do I need to create new API key for 3rd party server ? I need to understand how an untrusted server can misuse the GCM registration key.

Possible duplicate of [FCM Security: Prevent multiple senders from pushing notifications to all devices?](https://stackoverflow.com/questions/43523967/fcm-security-prevent-multiple-senders-from-pushing-notifications-to-all-devices) — AL., Jun 29 '17 at 07:14

score 0 · Answer 1 · answered Jun 29 '17 at 07:18

0

Yes you can create API keys for every server, so that GCM will respond to only those server which were listed on your console

answered Jun 29 '17 at 07:18

Lakhwinder Singh

6,799
4
25
42

score 0 · Accepted Answer · answered Jul 02 '17 at 15:30

If you provide the GCM API Key to a third party server, this server will be able to

send notifications to the GCM registrations ids
send notifications to topics
subscribe / unsubscribe GCM registrations ids to topics

You can create a GCM API Key for every server,
so that you can invalidate it when your trust relationships ends.

GCM API key, registration ids to third party server

2 Answers2