Push Notifications Setup
Flutter apps receive Firebase Cloud Messaging notifications through a client registration token. The app can request permission, obtain that token, and send it to your authenticated backend. The privileged send operation must run outside the mobile application.
Use a trusted sending environment
- Configure your own Firebase project and add its Android and iOS client configuration files to the Flutter project.
- Request notification permission where the platform requires it.
- Obtain the current FCM registration token and associate it with the signed-in user on your backend.
- Send notifications from a trusted environment with the Firebase Admin SDK or the FCM HTTP v1 API.
- Refresh saved tokens when Firebase rotates them and remove tokens reported as invalid.
Do not put a Firebase server key, service-account credential, or authorization token in Dart source code. Values shipped in a mobile bundle can be extracted by anyone who downloads the app. Keep server credentials in your backend's secret store and authorize every request that can trigger a notification.
Use Firebase's current guides for the supported architecture: