No. You must have a Firebase service account JSON private key to use Android push notifications. The Firebase Cloud Messaging HTTP v1 API requires this file for authentication. There are no options to use short-lived tokens or OAuth-only setups.
If your security policy limits the use of long-lived keys, you can lower the risk by limiting what the key can do. Follow these steps to set up a restricted key:
- Create a new service account in the Google Cloud Console used only for push notifications.
- Give that account a custom role that has only the cloudmessaging.messages.create permission.
- Download the JSON key for this specific account and use it in your settings.
This setup prevents the key from accessing or changing any other part of your Firebase project.
Comments
0 comments
Please sign in to leave a comment.