FCM Authentication is one of the methods to enable sending Push notifications to your app installed on Android devices. The FCM Authentication token is used to authorize server requests to Firebase services. You must generate the authentication token and upload it to the MoEngage Dashboard to send Push notifications to Android users.
Prerequisites: You have an app created on the Firebase console.
Authorize Server Requests to Firebase Services
You can authorize server requests to Firebase services using one of the following methods:
- Private key: A service account JSON file that contains the details of the Private key generated for authenticating the service account.
- Server key: With the HTTP legacy protocol, each request must contain the Server key from the Cloud Messaging tab of the Firebase console Settings pane.
Critical: This method was deprecated by FCM on June 20, 2023 and will be removed on June 21, 2024.
Steps to Generate a Private Key
- Log in to the Firebase console with your credentials.
- Select your project.
- In the top left pane, click the settings icon beside Project Overview.
- Select Project settings.
- In the Project Settings page, navigate to the Service accounts tab.
- Click Generate new private key. The language you select does not matter, because you only download the JSON file; the selection only provides sample code for implementing the FCM communication yourself. MoEngage already does this for you, so select any language and generate the key.
- Confirm the same by clicking Generate Key. This will generate a JSON file containing the Private key.
- Download the JSON file and upload it to the MoEngage Dashboard in the following navigation:
  - New UI: Settings > Channel > Push > App Push > Android > FCM Authentication > Private key file (Recommended)
  - Old UI: Settings > Channel > Push > Mobile Push > Android > FCM Authentication > Private key file (Recommended)
- After the JSON is configured, enable FCM in the cloud console.
Critical: Sending messages (including upstream messages) with the FCM XMPP and HTTP legacy APIs was deprecated on June 20, 2023 and will be removed on June 21, 2024. Refer to Deprecation of Legacy HTTP API. We strongly recommend the Private key for any request sent to Firebase services.
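A pre-upload check for the downloaded file, as an added example (not MoEngage or Firebase code): it confirms the JSON is a service account key rather than the google-services.json app config, and that the local copy of this long-lived credential is not readable by other users. The sample documents, `example-project`, and the `check_key_file` and `demo` names are constructed for illustration.

```python
import json, os, stat, tempfile
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "token_uri")  # fields of a service account key file

def check_key_file(path):
    """Return a list of problems; an empty list means the file looks right."""
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except (OSError, ValueError) as exc:
        return [f"cannot read as JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    # google-services.json is the app config file, not a credential.
    if "project_info" in doc and "client" in doc:
        return ["this is google-services.json (app config), not the private key file"]
    problems = []
    missing = [k for k in REQUIRED if not doc.get(k)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if doc.get("type") and doc["type"] != "service_account":
        problems.append(f"type is {doc['type']!r}, expected 'service_account'")
    key = str(doc.get("private_key") or "")
    if key and not key.lstrip().startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM private key")
    # The key is long-lived: keep the local copy readable by its owner only.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is accessible to group/others; chmod 600 it")
    return problems

def demo():
    """Check three constructed files; returns {label: problems}."""
    key = {"type": "service_account", "project_id": "example-project",
           "private_key_id": "0" * 40,  # constructed, not a real key id
           "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
           "client_email": "push@example-project.iam.gserviceaccount.com",
           "token_uri": "https://oauth2.googleapis.com/token"}
    app_config = {"project_info": {"project_id": "example-project"}, "client": []}
    cases = (("key", key, 0o600), ("key-0644", key, 0o644),
             ("google-services", app_config, 0o600))
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, doc, mode in cases:
            path = os.path.join(tmp, label + ".json")
            with open(path, "w", encoding="utf-8") as fh:
                json.dump(doc, fh)
            os.chmod(path, mode)
            out[label] = check_key_file(path)
    return out
```

Call `check_key_file` with the path of the file downloaded from the Service accounts tab; `demo()` runs it on the three constructed files.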
Steps to Find an FCM Server Key
- Log in to the Firebase console with your credentials.
- Select your Project.
- In the top left pane, click the settings icon beside Project Overview.
- Select Project settings.
- In the Project Settings page, navigate to the Cloud Messaging tab.
- Copy the Server key from the Project credentials section and add it to the MoEngage Dashboard in the following navigation:
  - New UI: Settings > Channel > Push > App Push > Android (FCM) > FCM Configuration > FCM Server Key (Legacy)
  - Old UI: Settings > Channel > Push > Mobile Push > Android > FCM Authentication > FCM Server Key (Legacy)
- Navigate to the General tab in Project settings.
- Select the Android app to be added to Firebase. The first step is the registration process. Add the package name of your app while registering the app.
- After the registration is successful, you can download the config file, google-services.json.
- Place this file in your app's root module.
Changes in Sending Speed with Private Key Configuration
The Firebase Cloud Messaging API has a default rate limit of 600,000 requests per minute. For more information, refer here. If your account reaches that limit, FCM may drop those notifications with the following error:
Error | Description |
---|---|
FCM Message rate exceeded (Quotaexceededforquotametric…) | Sending speed is exceeding the service capacity for your FCM account. Requests beyond serving capacity are rejected to limit the ingress flow rate. This happens because of multiple campaigns being triggered at the same time at high speeds. Consider spacing out campaigns or reducing request limits in the campaign delivery control. |
Information: With the reduction in default FCM API rate limits to 600,000 RPM, we will be changing the maximum allowed throttle speed for Push notifications to 500,000 RPM to ensure a single campaign does not breach the project limit. This change will apply to new and existing campaigns. You may still see drops because of multiple campaigns being triggered together.
To reduce such errors, you can take one of the following approaches depending on your use case:
- Reduce the campaign sending speed
  If you are seeing 'FCM Message rate exceeded' a lot in one-time and periodic campaigns, you might be exceeding the sending capacity beyond your allotted quota. We recommend reducing the request limits in the campaign delivery control to avoid exceeding the quota.
  Because of the default rate limit of 600,000 requests per minute for FCM, we recommend setting it to a lower limit (~200,000 requests per minute) to accommodate other parallel requests such as event-triggered, business event-triggered, and flow-triggered campaigns.
- Space out one-time and periodic campaigns
  If you are seeing 'FCM Message rate exceeded' a lot in one-time and periodic campaigns, you might be scheduling multiple campaigns that are being sent out at the same time, which is increasing your overall sending speed. Therefore, space out one-time and periodic campaigns.
- Request a rate limit increase from FCM
  To check your current limit, go to Google Cloud console > APIs & Services > Firebase Cloud Messaging API > Quotas & System Limits or directly to https://console.cloud.google.com/apis/api/fcm.googleapis.com/quotas and see the value for Send requests per minute.
  To request a rate limit increase beyond 600,000 RPM, contact Firebase Support.
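One way to check a campaign schedule against the project quota before launch, as an added example (not MoEngage or Firebase code). The campaign names, time windows and throttle values are constructed, and the check assumes the worst case in which every campaign sends at its full throttle for its whole window.

```python
PROJECT_LIMIT_RPM = 600_000  # default FCM quota stated on this page


def over_quota_windows(campaigns, limit=PROJECT_LIMIT_RPM):
    """Find time windows where the combined throttle exceeds the quota.

    campaigns: (name, start_minute, end_minute, throttle_rpm), end exclusive.
    Returns [(start, end, total_rpm, [names])] for each window over the limit.
    """
    # Every start or end is a point where the set of active campaigns changes.
    edges = sorted({t for _, s, e, _ in campaigns for t in (s, e)})
    windows = []
    for start, end in zip(edges, edges[1:]):
        active = [(n, rpm) for n, s, e, rpm in campaigns if s <= start < e]
        total = sum(rpm for _, rpm in active)
        if total > limit:
            windows.append((start, end, total, sorted(n for n, _ in active)))
    return windows


# Constructed schedule, in minutes after 09:00. Each campaign alone is within
# the 500,000 RPM per-campaign maximum, yet the overlap breaches the quota.
SCHEDULE = [
    ("one-time sale", 0, 30, 500_000),
    ("periodic digest", 20, 50, 200_000),
    ("event-triggered", 0, 60, 50_000),
]

# The same schedule with the bulk campaign lowered to the ~200,000 RPM the
# page recommends, which leaves headroom for the parallel campaigns.
RETUNED = [("one-time sale", 0, 30, 200_000)] + SCHEDULE[1:]

if __name__ == "__main__":
    for start, end, total, names in over_quota_windows(SCHEDULE):
        print(f"minutes {start}-{end}: {total:,} RPM from {', '.join(names)}")
    print("retuned schedule over quota:", over_quota_windows(RETUNED))
```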
FAQs
MoEngage SDKs are already compliant with these changes from FCM. You need not update MoEngage SDK when you switch to the Private key authentication mechanism.
The Server Key or Auth key is a mechanism to authenticate MoEngage to send requests to FCM on behalf of your account. It works at an account level and not at an end-user level or device level.
When you switch from the Server key to the Private key, all requests will be transferred to the Auth key mechanism with no impact on the end user or device.
Sending messages (including upstream messages) with the FCM XMPP and HTTP legacy APIs was deprecated on June 20, 2023 and will be removed on June 21, 2024. Refer to Deprecation of Legacy HTTP API. We strongly recommend the Private key for any request sent to Firebase services as soon as possible.
The FCM Server key mechanism will be deprecated on June 21, 2024. After that, FCM may continue to accept requests from the Server key auth mechanism and not deliver the notifications to the devices or it may start rejecting the API requests altogether. In both cases, your users will no longer receive notifications through FCM.
After you save the settings in the MoEngage dashboard, your account will immediately switch to using the new API to send Android push notifications including ongoing campaigns. You will not see any drops in sending push notifications during the transition.
The updated FCM API introduces several improvements, including the adoption of the HTTP v1 protocol and the implementation of short-lived access tokens following the OAuth2 security model, replacing the Server key authentication from the previous version. These tokens enhance security by limiting their usage to approximately one hour, minimising the risk in case they are exposed.
With the Private key Auth mechanism, the Firebase Cloud Messaging API has eliminated the bulk sending mechanism and has a default rate limit of 600,000 requests per minute. For more information, refer here. If your account reaches that limit, FCM may drop those notifications. Given bulk notifications are no longer supported, you may see a reduction in campaign sending speed for bulk campaigns such as one-time and periodic campaigns.
MoEngage has proactively reduced the maximum allowed throttle speed for Push notifications to 500,000 RPM to ensure a single campaign does not breach the project limit. This change will apply to new and existing campaigns. You may still see drops because of multiple campaigns being triggered together. To learn more, refer to changes in Sending Speed with Private Key Configuration.
When you set the authentication as a Private key, the changes are accepted immediately and will be used for sending subsequent requests.