🏠 Overview 🔗 Integrations 🔗 Firebase Cloud Messaging (FCM) API v1

Firebase Cloud Messaging (FCM) API v1

Cloud Service Integration by Google LLC

Cloud Service Google LLC Outbound
Rest Api
Connection
Outbound
Data Flow
12
Components
4
Dependencies

Description

Firebase Cloud Messaging delivers push notifications to iOS and Android devices for time-sensitive events including certification expiry warnings, expense claim approval updates, coordinator escalation alerts, assignment reminders, and scenario-based motivational nudges. FCM tokens are managed per device and refreshed automatically, with the server-side dispatch executed from Supabase Edge Functions to protect FCM server key confidentiality.

Detailed Analysis

Firebase Cloud Messaging (FCM) delivers the push notification capability that keeps peer mentors and coordinators informed of time-sensitive events without requiring them to open the app. This includes certification expiry warnings that protect HLF from having uncertified mentors operating, expense claim approval updates that reduce administrative friction, and escalation alerts that ensure coordinators can respond promptly to at-risk mentoring relationships. FCM is provided by Google at no per-message cost under the Firebase free tier, making this a high-value capability with negligible direct cost. The integration is architecturally isolated: all dispatch is executed server-side via Supabase Edge Functions, ensuring the FCM server key is never exposed in the mobile binary.

An in-app notification centre provides a resilient fallback so no critical notification is ever silently lost, and email fallback is available for certification expiry alerts when push delivery is unavailable. This combination of zero marginal cost, platform-native delivery, and multi-layer fallback makes FCM the appropriate and low-risk choice for the project's notification requirements.

FCM spans twelve components including token management, permission handling, notification dispatch, and five domain-specific notification services covering approvals, declarations, certifications, pauses, and reminders. This breadth means notification delivery touches nearly every user-facing workflow and must be tested across both iOS and Android. Key setup dependencies include Firebase project creation, Google service account key provisioning for the server-side Edge Function, APNs key configuration in the Firebase console for iOS, and inclusion of google-services.json and GoogleService-Info.plist in the app build. iOS push delivery additionally requires APNs configuration, which involves Apple Developer account access.

Testing must cover permission grant flows, foreground and background notification delivery, token refresh scenarios, and fallback to the in-app notification centre when push is unavailable. The integration carries no licensing cost risk, but the diversity of notification types and the twelve dependent components mean integration testing is substantial. Ongoing maintenance is low once configured — FCM token rotation is automatic, and Firebase console provides delivery reports without custom instrumentation.

FCM HTTP v1 API is used for all push dispatch, authenticated via a Google service account JSON key scoped to https://www.googleapis.com/auth/firebase.messaging. The server key is stored exclusively in the Supabase Edge Function environment variable FCM_SERVICE_ACCOUNT_KEY and is never bundled in the mobile binary. Client-side, the firebase_messaging Flutter package (>=14.0.0) manages device token registration, refresh, and permission prompting. FCM tokens are synced to the database on registration and refresh.

Dispatch is triggered by domain events across multiple services — ApprovalsNotificationService, CertificationReminderService, DeclarationNotificationService, PauseNotificationService, and others — all routing through the FCMPushNotificationSender and FCMNotificationDispatcher. On InvalidRegistration errors, stale tokens are automatically purged. Notification payloads are intentionally minimal — full content is fetched from the API on open to avoid stale data in notifications. The in-app notification centre (backed by the PushNotificationDispatcher) persists all notifications independently of push delivery success, ensuring resilience when devices are offline or permissions are denied.

FCM HTTP v1 supports 600,000 messages per minute, far exceeding this project's scale.

Using Components (12)

Service Approval Status Notification Service medium Service Declaration Delivery Notification Service medium Service Pause Notification Service medium Infrastructure Push Notification Service medium Service Certification Reminder Service medium Infrastructure FCM Token Manager medium Service Notification Permission Manager low Service Notification Trigger Service high Service Push Notification Service high Infrastructure Push Notification Service low Service Reminder Dispatch Service medium Infrastructure FCM Push Notification Sender medium Infrastructure FCM Notification Dispatcher medium Infrastructure Push Notification Dispatcher medium Service Push Notification Dispatcher medium Infrastructure Push Notification Dispatcher medium

Dependencies (4)

firebase_messaging Flutter package >=14.0.0 External
Firebase project linked to app via google-services.json / GoogleService-Info.plist External
APNs certificate or key configured in Firebase for iOS push External
User permission granted for push notifications External

Authentication

TypeOauth
RequirementsFirebase project with FCM enabled, Google service account JSON key for FCM HTTP v1 API, google-services.json (Android) and GoogleService-Info.plist (iOS) in app
Scopeshttps://www.googleapis.com/auth/firebase.messaging

Configuration

Required Settings

Firebase project ID Required
FCM service account key (server-side only) Required
APNs key configured in Firebase console for iOS Required

Optional Settings

Notification channels configuration (Android) Optional
Default notification icon and color Optional
Foreground notification presentation options (iOS) Optional

Environment Variables

FCM_SERVICE_ACCOUNT_KEY (server-side Edge Function only)

Error Handling

Unregistered FCM tokens cleaned up automatically on InvalidRegistration error
Failed push deliveries logged — notifications also persisted in in-app notification centre
Notification permission denied handled gracefully with in-app fallback banner

Monitoring

Health Checks

FCM token validity check on app resume
Firebase console delivery reports

Metrics

Notification delivery rate
Open rate per notification type
Permission grant rate on first prompt

Alerts

FCM API error rate spike
Mass token invalidation event

Performance

Latency< 5s for push delivery to online device
AvailabilityDegraded gracefully via in-app notification centre when push unavailable

Rate Limits

FCM HTTP v1: 600,000 messages per minute across all targets
Per-device: no rate limits enforced

Cost Implications

Pricing ModelFree — Firebase Cloud Messaging has no per-message cost

Cost Factors

Firebase project plan costs for other Firebase services if used
APNs certificate renewal (annual, no cost)

Security Considerations

FCM server key and service account never bundled in mobile app binary
All push dispatch via server-side Edge Functions only
Notification payloads contain minimal data — full content fetched from API on open
FCM tokens rotated automatically by SDK and synced to database

Fallback Mechanisms

In-app notification centre shows all notifications regardless of push delivery
Email fallback for critical certification expiry alerts (coordinator email)

Documentation

https://firebase.google.com/docs/cloud-messaging External