Skip to main content

Push Notifications Setup

Flutter apps receive Firebase Cloud Messaging notifications through a client registration token. The app can request permission, obtain that token, and send it to your authenticated backend. The privileged send operation must run outside the mobile application.

Use a trusted sending environment

  1. Configure your own Firebase project and add its Android and iOS client configuration files to the Flutter project.
  2. Request notification permission where the platform requires it.
  3. Obtain the current FCM registration token and associate it with the signed-in user on your backend.
  4. Send notifications from a trusted environment with the Firebase Admin SDK or the FCM HTTP v1 API.
  5. Refresh saved tokens when Firebase rotates them and remove tokens reported as invalid.

Do not put a Firebase server key, service-account credential, or authorization token in Dart source code. Values shipped in a mobile bundle can be extracted by anyone who downloads the app. Keep server credentials in your backend's secret store and authorize every request that can trigger a notification.

Use Firebase's current guides for the supported architecture:

Platform setup