Your OneSignal account includes both public IDs and private API keys that are essential for configuring your apps and accessing the OneSignal API. This guide explains where to find them, how to manage them, and best practices for secure usage.

---

​

App ID

The App ID is a unique public identifier for your OneSignal project, formatted as a UUID v4. It is distinct from your private API keys and is required for:

• SDK initialization – Mobile SDK setup, Web SDK setup
• API calls – Create message, Create user, and others.

Find your App ID under Settings > Keys & IDs in the OneSignal Dashboard or via the View apps API.

​

Organization ID

Your Organization ID (Org ID) is a unique identifier in UUID v4 format that groups all apps under your billing plan. It is required for APIs related to:

• App management – Create an app, Update an app.

You can find your organization_id in the dashboard under Organizations > Your Organization or via the View an app API.

---

​

API keys

There are two types of API keys:

1. App API Keys
2. Organization API Key – A private key used for configuring apps and API keys within an Organization.

​

App API key

Your app API key is a private key used for most REST API requests related to a specific app.

• App API keys can be created under Settings > Keys & IDs or Create an API Key.

• They can only be viewed once created.

• Include this key in the Authorization header using the key authentication scheme:

  Copy

  Ask AI

  Authorization: key YOUR_REST_API_KEY
  

​

Organization API key

Your organization API key is a private key used for managing apps and app API keys within an Organization. It is required for API requests such as:

• App configuration – Creating apps, Viewing apps
• API key management – Create API key, Delete API key, Update API key

To create an organization API key, navigate to Organizations > your org > Keys & IDs in your OneSignal Dashboard.

As with app API keys, you can configure up to 16 org keys and include IP allowlisting configuration.

---

​

Create API keys

• App API Key – Go to your app’s Settings > Keys & IDs or use the Create API key API.
• Organization API Key – Go to your organization’s Keys & IDs section.

Click Add Key to open the creation modal.

Give your key a descriptive name (e.g., “CRM Sync Service”).

​

IP allowlist

Optionally, restrict API key usage to specific IP addresses by enabling IP Allowlisting. Enter space-separated CIDR blocks (e.g., 192.0.2.0/24 192.0.2.123/32). Requests from non-allowed IPs will be denied.

​

View API keys

After clicking Create, your API key will be shown once. Save it securely.

After clicking Continue, the key will no longer be viewable.

---

​

Key management

After creating a key, you can manage it via the key list interface:

​

Edit API keys

Via the dashboard or Update API key API:

• Update the name or IP allowlist
• Does not change the secret—no app code changes needed

​

Rotate API keys

Via the dashboard or Rotate API key API:

• Replaces the key’s secret
• Keep the same name and IP settings
• You must update your app or integration with the new key

​

Delete API keys

Via the dashboard or Delete API key API:

• Deletes the key permanently
• Blocks any further API access using that key

---

​

Migrating from legacy API keys

We introduced rich API key management on November 14, 2024.

Migration Steps

1. Create a new rich API key (see above).
2. Replace the legacy key in your codebase.
3. Update API calls to use https://api.onesignal.com instead of the old https://onesignal.com/api/v1/ URL.
4. Delete or click “Disable Legacy Key” on the legacy key from the Keys & IDs page.

---

​

Disabling your app

Disabling an app will block:

• New notifications
• Scheduled notifications waiting to be sent

It will not block new device subscriptions. To prevent those, you must remove OneSignal code from your app.

Disabled apps can be re-enabled at any time in the dashboard.

---