Engineering
February 3, 2026 · 7 min read
FCM vs APNs vs Web Push: what developers need to know
"Send a push notification" means three very different things depending on the platform. Here's what actually differs between Firebase Cloud Messaging (Android), Apple Push Notification service (iOS), and Web Push.
Authentication
- FCM: a Google service-account JSON; you mint short-lived OAuth tokens for the HTTP v1 API. (The legacy server-key API is deprecated.)
- APNs: a
.p8token-signing key + key ID + team ID, used to sign a JWT per connection over HTTP/2. - Web Push: VAPID — you sign each request with your application's private key.
Token lifecycle
- FCM tokens rotate; you must handle
onTokenRefreshand update your store. - APNs device tokens change on reinstall/restore.
- Web Push subscriptions expire and must be re-created; the browser tells you via
pushsubscriptionchange.
Payload limits
- APNs: 4 KB. FCM: 4 KB data. Web Push: 4 KB after encryption — keep payloads lean and fetch rich data client-side.
Error semantics (the important part)
- Unregistered / BadDeviceToken (APNs) and UNREGISTERED (FCM) mean the token is dead — remove it.
- Web Push 410 Gone is the equivalent.
- MismatchSenderId (FCM) means the token was issued for a different project — almost always a config mismatch.
A unified API's job is to normalize all of this: one send call, one set of canonical error codes, automatic dead-token cleanup, per-platform retries. That's exactly what OpenPushAPI's delivery engine does behind POST /v1/notifications.
Ready to ship push notifications?
Create free account →