GCM http 401 authorization error

Question

When my backend server sends post requests to GCM servers I get an authorization error HTTP 401.

I followed the steps described here:

http://developer.android.com/google/gcm/http.html#auth_error

>> api_key=AIzaSyDEy3...

>> curl --header "Authorization: key=$api_key" --header Content-Type:"application/json" https://android.googleapis.com/gcm/send  -d "{\"registration_id\":\"ABC\"}"

I get this:

<HTML>
<HEAD>
<TITLE>Unauthorized</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Unauthorized</H1>
<H2>Error 401</H2>
</BODY>
</HTML>

In the troubleshooting it says:

Authentication Error
The sender account that you're trying to use to send a message couldn't be authenticated. Possible causes are:
    1. Authorization header missing or with invalid syntax.
    2. Invalid project number sent as key.
    3. Key valid but with GCM service disabled.
    4. Request originated from a server not whitelisted in the Server Key IPs.

I have questions about that:

1. Is the header in the curl request correct?
2. Do they mean "api_key" (AIzaSy…) or the Project number like 8305134….?
3. How do I whitelist my Server Key IP?
4. If I'm running the curl command, do I have to whitelist the IP-Address of my computer?

Answer 1

1. I don't know the syntax of the curl command, but it seems strange that one header you specify as --header "key: value" while the other is specified as --header key:"value". Perhaps one of them is incorrect. In addition, you should change registration_id:ABC to "{\"registration_ids\":[\"ABC\"]}".

2. They mean the API Key.

3. If you didn't define a list of white listed IPs when you created your API Key, it should be white listed by default.

Answer 2

Finally found My problem

I made HTTP Authorization Header like this Authorization:[Api key]

Solution

I was missing 'key='+[Your Api key] in the Authorization header,

so the full HTTP header will be

Authorization:key=Apikey

Answer 3

I solved this error by using the Server Key instead of the API Key. You can get the Server Key from Firebase Console by clicking on the gear and clicking on Project Settings, after that go to the tab that says Cloud Messaging and get the server key, both the normal server key and the legacy server key will work.

This works on both Firebase and GCM so we do not need to declare two keys separately.

Answer 4

Do they mean "api_key" (AIzaSy…) or the Project number like 8305134….?

It means Server key which should added in your curl script. The project number should not be used for sending message on server side.

To create the new server key, follow the steps,

• Go to https://cloud.google.com/console/project
• Click your Project
• Go to APIs & auth on Left Panel
• Select Credentials in submenu on Left Panel
• Under Public API access, click on "Create New Key"
• Choose 'Server'
• On next dialog, Specify the whitelisted IPs, if you have any. Leaving it blank, the requests will be from any IP
• Click Create.
• You will find the new server key is created under "Public API Access"

This key is to be used for sending message in your script on server side.

How do I whitelist my Server Key IP?

You can whitelist while creating server key.

If I'm running the curl command, do I have to whitelist the IP-Address of my computer?

For testing purpose, you dont have to specify the IP. For commercial purpose, you may want to.

Warning setting IP to 0.0.0.0/0 as mentioned in the Getting Started guide will allow all IPv4 address, but not IPv6.

Answer 5

I had the same problem. I was using the Android Key as mentioned in the instructions at http://developer.android.com/google/gcm/gs.html But I actually had to use the Server Key to get authenticated from my Fiddler window and PushSharp example.

Answer 6

Unauthorised issue will happen while there is a mismatch in API key. Clear the server key and regenerate a new one. Use the server API key in server side coding. And properly use the sender id in android client

Answer 7

The problem is related to authorization, but I came across this, error while I was trying to do things in old way, I know this is an old question, but let me put my 50 cents on it. First there is a new kid in town called "Firebase Cloud Messaging FCM". Allow me to quote google:

FCM is the new version of GCM under the Firebase brand. It inherits GCM’s core infrastructure, with new SDKs to make Cloud Messaging development easier.

Benefits of upgrading to FCM SDK include:

Simpler client development. You no longer have to write your own registration or subscription retry logic. An out-of-the-box notification solution. You can use Firebase Notifications, a serverless notifications solution with a web console that lets anyone send notifications to target specific audiences based on Firebase Analytics insights. More information about FCM Configuration For android studio

I hope this helps someone who is trying to do things in old way

Answer 8

if error 401: the GCM has to be imported in FCM to work Then the server and sender IDs can be found at https://console.firebase.google.com/project/my_projectID/settings/cloudmessaging

Answer 9

UPDATE:

Google has changed the console, now you have to:

• Go to https://console.developers.google.com
• Select your project (dropdown at top)
• Select Overview in menu on Left Panel
• Select Google Cloud Messaging under Mobile APIs title
• Click Enable button
• Then you have to create the credentials

DEPRECATED

I had the same problem ... then I realized that I had to add the Google Cloud Messaging for Android too.

• Go to https://cloud.google.com/console/project
• Click your Project
• Go to APIs & auth on Left Panel
• Select APIs in submenu on Left Panel
• Search Google Cloud Messaging for Android (or/and Chrome) and put it ON

Hope it helps you!

Answer 10

The above things are all done then check curl init operation the function
curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 0 );
is included or not if it is not then include the function

Answer 11

I had same issue. What I did is:

1. Clear IP Whitelist that will be set to Any IP automatically.
2. Regenerate Server Key and use the new generated Key.

Answer 12

For using Firestore you should use Web API keyfirebase console gives you, which you can find at https://console.firebase.google.com/project/<yourProjectName>/settings/general/<yourAppPckageName>.

but, for using Firebase to push notification your mobile device clients you should use Server key developer console gives you, which you can find at https://console.developers.google.com/apis/credentials?project=<yourProjectName>

Answer 13

If you have recently tried to create a new project in GCM and add a server key, it won't succeed authorization anyway because Google stopped authorizing newly created server keys in order to promote Firebase Cloud Messaging. Currently the only option to create a new key is to first migrate the existing project to Firebase here.