Trying to send notification from user to user FCM

Question

I am trying to send a notification to a user but I am unsure if i am using correct approach as from running this code there is no new notifications in firebases console. I am able to pass the token of the destination and title and body however i am not sure if the post request is correct. Any advice would be great thanks.

public class ClientNotifications extends AsyncTask<String, Void, String> {


    String token;
    String titles;
    String body;
    public ClientNotifications(String token,String title,String body)
    {
        this.token = token;
        this.titles=title;
        this.body=body;
    }

    @Override
    protected String doInBackground(String[] params) {

        JsonObject jsonObj = new JsonObject();
        // client registration key is sent as token in the message to FCM server
        jsonObj.addProperty("token", token);

        JsonObject notification = new JsonObject();
        notification.addProperty("body", body);
        notification.addProperty("title", titles);
        jsonObj.add("notification", notification);

        JsonObject message = new JsonObject();
        message.add("message", jsonObj);

        final MediaType mediaType = MediaType.parse("application/json");

        OkHttpClient httpClient = new OkHttpClient();
        try {
            Request request = new Request.Builder().url("https://fcm.googleapis.com/v1/projects/yourfirebaseproject/messages:send")
                    .addHeader("Content-Type", "application/json; UTF-8")
                    .addHeader("Authorization", "Bearer " + "key")
                    .post(RequestBody.create(mediaType, message.toString())).build();

            Response response = httpClient.newCall(request).execute();
            if (response.isSuccessful()) {

            }

        } catch (IOException e) {
            Log.e("HI",e.toString());
        }

        return message.toString();

    }

    @Override
    protected void onPostExecute(String message) {

    }
}

Checkout this article https://blog.usejournal.com/send-device-to-device-push-notifications-without-server-side-code-238611c143 — Rajnish suryavanshi, Mar 22 '20 at 18:32
This is the right url => https://fcm.googleapis.com/fcm/send — Kasım Özdemir, Mar 22 '20 at 18:37

score 1 · Answer 1 · answered Mar 22 '20 at 18:38

1

This isn't going to work:

.addHeader("Authorization", "Bearer " + "key")

You would need to pass the actual server key here, not just the string "key".

It's worth pointing out that you're not supposed to provide this key to your client application, as that's a security hole. The end user should never be able to get a hold of server keys that give privileged access to APIs. Your client app should instead invoke a secure backend to do the work of sending the message.

Also I will point out that you're not actually checking for errors in the request. The result of the call to FCM should tell you in more detail what you did wrong (but passing the string "key" is definitely not right).

answered Mar 22 '20 at 18:38

Doug Stevenson

297,357
32
422
441

thanks for the feedback, i originally just used key as a place holder instead of putting my exact key on here – M4rkus123 Mar 22 '20 at 18:41
*firebaser here* As Doug said putting your FCM server key in a client-side application is a huge security risk, as it allows a malicious user of your app to send any of their messages to any of your users. In fact, I was just helping a developer whose app had gotten a significant number of users change their FCM configuration keys this week because they had done this in early releases of their app, and who were seeing precisely this abuse by a malicious user. – Frank van Puffelen Mar 22 '20 at 21:32
Thanks for the advise, @Frank van Puffelen, so I should be storing this key server side? – M4rkus123 Mar 22 '20 at 21:54
Yes. Also see https://stackoverflow.com/questions/37990140/how-to-send-one-to-one-message-using-firebase-messaging/37993724#37993724 – Frank van Puffelen Mar 22 '20 at 21:59

score 0 · Answer 2 · answered Mar 22 '20 at 18:47

JsonObject jsonObj = new JsonObject();
    jsonObj.addProperty("to", token);
    jsonObj.addProperty("content-available", true);
    jsonObj.addProperty("priority", "high");

    JsonObject notification = new JsonObject();
    notification.addProperty("body", body);
    notification.addProperty("title", titles);
    jsonObj.add("notification", notification);

    final MediaType mediaType = MediaType.parse("application/json");

    OkHttpClient httpClient = new OkHttpClient();
    try {
        Request request = new Request.Builder().url("https://fcm.googleapis.com/fcm/send")
                .addHeader("Content-Type", "application/json; UTF-8")
                .addHeader("Authorization", "key=your_key")
                .post(RequestBody.create(mediaType, jsonObj.toString())).build();

        Response response = httpClient.newCall(request).execute();
        if (response.isSuccessful()) {

        }

    } catch (IOException e) {
        Log.e("HI",e.toString());
    }

I fixed what I can see. Good luck

Trying to send notification from user to user FCM

2 Answers2