Understand your OneSignal App ID, API Keys, and how to manage them securely. Learn where to find your keys, create new ones, and migrate from legacy API keys.
Your OneSignal account includes both public IDs and private API keys that are essential for configuring your apps and accessing the OneSignal API. This guide explains where to find them, how to manage them, and best practices for secure usage.
The App ID is a unique public identifier for your OneSignal project, formatted as a UUID v4. It is distinct from your private API keys and is required for:
Find your App ID under Settings > Keys & IDs in the OneSignal Dashboard or via the View apps API.
Keys & IDs page to find your App ID and App API keys.
Example where to find your App ID.
Your Organization ID (Org ID) is a unique identifier in UUID v4 format that groups all apps under your billing plan. It is required for APIs related to:
You can find your organization_id
in the dashboard under Organizations > Your Organization or via the View an app API.
Example showing how to find your Organization ID in the OneSignal dashboard.
There are two types of API keys:
Your app API key is a private key used for most REST API requests related to a specific app.
App API keys can be created under Settings > Keys & IDs or Create an API Key.
They can only be viewed once created.
Include this key in the Authorization
header using the key
authentication scheme:
Treat App API Keys like a password. Do not share it, expose it in your app code, or store it in public repositories like GitHub.
Your organization API key is a private key used for managing apps and app API keys within an Organization. It is required for API requests such as:
To create an organization API key, navigate to Organizations > your org > Keys & IDs in your OneSignal Dashboard.
The Organization API key replaces the legacy User Auth key.
As with app API keys, you can configure up to 16 org keys and include IP allowlisting configuration.
Click Add Key to open the creation modal.
API keys are only visible once. Use Add Key to generate one.
Give your key a descriptive name (e.g., “CRM Sync Service”).
Optionally, restrict API key usage to specific IP addresses by enabling IP Allowlisting.
Enter space-separated CIDR blocks (e.g., 192.0.2.0/24 192.0.2.123/32
).
Requests from non-allowed IPs will be denied.
Creating an API key with optional IP allowlist.
After clicking Create, your API key will be shown once. Save it securely.
Generated API key (displayed only once).
After clicking Continue, the key will no longer be viewable.
After creating a key, you can manage it via the key list interface:
Key ID is only a label for reference, not the actual API key.
Via the dashboard or Update API key API:
Via the dashboard or Rotate API key API:
Via the dashboard or Delete API key API:
We introduced rich API key management on November 14, 2024.
Migration Steps
https://api.onesignal.com
instead of the old https://onesignal.com/api/v1/
URL.Disabling an app will block:
It will not block new device subscriptions. To prevent those, you must remove OneSignal code from your app.
Disabled apps can be re-enabled at any time in the dashboard.
Understand your OneSignal App ID, API Keys, and how to manage them securely. Learn where to find your keys, create new ones, and migrate from legacy API keys.
Your OneSignal account includes both public IDs and private API keys that are essential for configuring your apps and accessing the OneSignal API. This guide explains where to find them, how to manage them, and best practices for secure usage.
The App ID is a unique public identifier for your OneSignal project, formatted as a UUID v4. It is distinct from your private API keys and is required for:
Find your App ID under Settings > Keys & IDs in the OneSignal Dashboard or via the View apps API.
Keys & IDs page to find your App ID and App API keys.
Example where to find your App ID.
Your Organization ID (Org ID) is a unique identifier in UUID v4 format that groups all apps under your billing plan. It is required for APIs related to:
You can find your organization_id
in the dashboard under Organizations > Your Organization or via the View an app API.
Example showing how to find your Organization ID in the OneSignal dashboard.
There are two types of API keys:
Your app API key is a private key used for most REST API requests related to a specific app.
App API keys can be created under Settings > Keys & IDs or Create an API Key.
They can only be viewed once created.
Include this key in the Authorization
header using the key
authentication scheme:
Treat App API Keys like a password. Do not share it, expose it in your app code, or store it in public repositories like GitHub.
Your organization API key is a private key used for managing apps and app API keys within an Organization. It is required for API requests such as:
To create an organization API key, navigate to Organizations > your org > Keys & IDs in your OneSignal Dashboard.
The Organization API key replaces the legacy User Auth key.
As with app API keys, you can configure up to 16 org keys and include IP allowlisting configuration.
Click Add Key to open the creation modal.
API keys are only visible once. Use Add Key to generate one.
Give your key a descriptive name (e.g., “CRM Sync Service”).
Optionally, restrict API key usage to specific IP addresses by enabling IP Allowlisting.
Enter space-separated CIDR blocks (e.g., 192.0.2.0/24 192.0.2.123/32
).
Requests from non-allowed IPs will be denied.
Creating an API key with optional IP allowlist.
After clicking Create, your API key will be shown once. Save it securely.
Generated API key (displayed only once).
After clicking Continue, the key will no longer be viewable.
After creating a key, you can manage it via the key list interface:
Key ID is only a label for reference, not the actual API key.
Via the dashboard or Update API key API:
Via the dashboard or Rotate API key API:
Via the dashboard or Delete API key API:
We introduced rich API key management on November 14, 2024.
Migration Steps
https://api.onesignal.com
instead of the old https://onesignal.com/api/v1/
URL.Disabling an app will block:
It will not block new device subscriptions. To prevent those, you must remove OneSignal code from your app.
Disabled apps can be re-enabled at any time in the dashboard.