1

Hi I need help for my Android App. I work with Firebase Push notification and unfortunately found only one way to send push notifications - from the website itself.

i like to create a function that u can enter title and content to send push notifications to all of my app users.

Goal: an admin screen. Enter Title: this is an edittext with title Enter Content: this is an edittext with content Send button - this will send the notification to all of the app users.

is there a way to do so? Thank you!

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Ben Behor
  • 21
  • 4
  • There is no secure way to send messages to devices with just FCM from the device itself. Sending a message **to** a device requires that you specify the FCM server key. As its name implies, this key should only be used on a trusted environment, such as your development machine, a server you control, or Cloud Functions. The typical flow is that your app calls a Cloud Function, or writes to a database which triggers a Cloud Function. The Cloud Function then checks if the content is OK, and calls the FCM API to send the message. – Frank van Puffelen Mar 09 '20 at 14:41
  • @FrankvanPuffelen why isn't there a secure API for it then? Using Cloud Functions just for that seems like an overkill tbh... – Pavlo Zin Mar 09 '20 at 16:53
  • 1
    If you'd like that feature to be added (I definitly would love to see it), the best you can do is to [file a feature request](https://firebase.google.com/support/contact/bugs-features/). – Frank van Puffelen Mar 09 '20 at 16:56

1 Answers1

0

You can send push notification from device using POST request to this URL:

https://fcm.googleapis.com/fcm/send

You'll need to provide these headers:

Authorization: key="Firebase server key"
Content-Type: application/json

And the request body with Notification message and other additional info:

{
  "to": "/topics/topic_name",
  "data": {
    "title": "Notification title",
     "message": "Notification message",
     "key1" : "value1",
     "key2" : "value2" //additional data you want to pass
  }
}

You can find more info in this Medium article.

Pavlo Zin
  • 762
  • 6
  • 25
  • 1
    Doing this from the device itself means that you're including the FCM server key into the app that you send to your users. That is a *security risk*, as a malicious who gets your app can now get that key and use it to send any message they want to all users of the app. – Frank van Puffelen Mar 09 '20 at 14:39
  • @Frank van Puffelen - In this person’s case - to build an admin screen - could the risk not be mitigated by having the app retrieve the FCM server key from the Firestore database *only* for admin users? That way the key is not compiled into the app - and it is protected by the Firestore database rules. – Jim Sep 01 '21 at 15:32
  • Hmm,... interesting idea Jim. – Frank van Puffelen Sep 01 '21 at 15:42