I have been using FCM to deliver notifications that uses POST requests that require FCMs server key. How do I still send notifications without having the fcm server key client side for security reasons?
Asked
Active
Viewed 583 times
0
-
1Store it in your server. Let your client device so a request to your server which will then forward the request to fcm. – kks21199 Nov 07 '18 at 04:28
1 Answers
1
There is no way to securely send messages from one client device to another client device with FCM. You always need a trusted environment (such as a server that you control, your own development machine, or Cloud Functions) to do that, where you can enforce whatever "who can send to whom" rules you want.
For more on this, see:
- Sending notifications between Android devices with Firebase Database and Cloud Messaging
- How to send device to device messages using Firebase Cloud Messaging?
- How to send Device to device notification by using FCM without using XMPP or any other script.? Note the downvotes on the accepted answer: while this technically works (and may be what you are doing), it is not secure and puts you at a serious risk of allowing a malicious actor to send messages to your users on your behalf.
Frank van Puffelen
- 565,676
- 79
- 828
- 807
-
Frank.Thank you for the quick and thorough response. I will look into hosting script through Cloud Functions to achieve this level of security. – Landon Carr Nov 07 '18 at 06:04