1

When i create a new project in Firebase console, it generates a cloud messaging api key by default. Take my key per ex:

CM Key on Firebase Console

This key is also created in the google api managers console, same key per ex:

Key in Google API manager

It's all good, but I'm gonna be using this key to send pushes on a webpage (FCM API using javascript), so I want to restrict the requests from my website.

The problem is, if I take my key and apply a restriction on it on API manager console, Firebase generates a new key (both in Firebase console - cloud message and API manager console), to be used. The old key that is restricted does not work, I only get HTTP 403 on request, but the new one(unrestricted) works 100%.

So my question is, how to restrict a FCM Server key? Is there any other way?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
ERPGeekMobile
  • 19
  • 2

1 Answers1

0

FCM Server key does not support restrictions.

The best way is to use the FCM server key from your application server, and not from a client like a web page or a web app. You can then make the application server available to the client via a custom API, and you can control the authentication process between the client and the backend.

Diego Giorgini
  • 12,489
  • 1
  • 47
  • 50