Skip to main content

Device to Device Push Notifications in Swift with Firebase

· 2 min read
Full Stack Developer

Device-to-device notifications are useful when one user's action should notify another user. Common examples include:

  • receiving a chat message;
  • receiving a follow or friend request;
  • getting a new match in a dating app.

Do not send FCM requests directly from the iOS app. FCM credentials authorize privileged sends and must never be embedded in an IPA. The secure architecture is:

  1. The iOS app registers with Firebase Messaging and sends its registration token to your authenticated backend.
  2. The backend stores the token against the owning user or installation and updates it when Firebase rotates it.
  3. When an authorized event occurs, such as a new chat message, the backend decides which user may be notified.
  4. A trusted environment sends the notification with the Firebase Admin SDK or the FCM HTTP v1 API.
  5. The backend removes invalid tokens and retries transient delivery errors with backoff.

For example, a trusted Node.js service can send to a registration token with the Firebase Admin SDK:

import {getMessaging} from 'firebase-admin/messaging'

await getMessaging().send({
token: recipientRegistrationToken,
notification: {
title: 'New message',
body: 'You received a new chat message.',
},
data: {
conversationId,
},
})

The server must derive recipientRegistrationToken from an authorized application event. Do not accept an arbitrary target token from an untrusted client. Use Application Default Credentials, Workload Identity, or securely stored server credentials rather than shipping a service-account file or access token in the app.

Firebase documents the supported architecture in Your server environment and FCM and the FCM HTTP v1 API guide.

On the client, handle token refreshes, foreground and background delivery, notification permissions, and navigation from notification data. Test the complete flow on supported iOS versions and on physical devices before release.