OneSignal's RESTful API is based on the REST Architecture and provides robust features that can be used for the below operations. OneSignal also provides Backend SDKs in most languages to get started right away.
Use HTTP/2 and TLS 1.2 connection or higher.
HTTPS: All traffic to OneSignal's REST API uses HTTPS on standard port 443.
Firewalls and proxies must allow outbound HTTPS traffic on port 443 to connect to our REST API. See below FCM and APNS requirements as well.
IP Addresses: OneSignal uses GCP data centers located in Groningen, Netherlands. There are a wide range of IPs that can be used. You can copy-paste the following IP ranges to your whitelist (make sure to include your own IP Address if you have not!):
We recommend whitelisting HTTPS traffic to any public IP address or allow
api.onesignal.com. Be sure your DNS cache respects OneSignal's TTL of 300 seconds to avoid making requests to stale IP addresses.
Google's Firebase Cloud Messaging (FCM) uses ports 5228, 443, 5229, and 5230. You should allow devices to connect with FCM using these ports and no IP restrictions.
For more details, see FCM's documentation:
Apple's Push Notification Service (APNs) uses ports 5223, 443, and 2197. You should allow devices to connect with APNs using these ports and no IP restrictions. If you need to setup server and IP restrictions, then make sure to allow access to:
- Development server:
- Production server:
- Access to entire IP range:
For more details, see Apple's documentation:
- Messages can be sent to segments, data filters (which are similar to segments but without creating the reusable segment name), and specific devices by a User ID, email address or phone number depending on channel.
- All available parameters are supported like Content & Language, custom data & images, and scheduling options.
- Plenty of Example Code in commonly used languages to get you started.
- If you scheduled a notification in the future and decide not to send anymore, you can also Cancel notification with the notification id available in the response after sending.
- Create user - create a new user with subscriptions and/or aliases.
- View user - get the user's properties, aliases and subscriptions.
- Update user - update a user's properties, like tags. Add new or update current subscriptions to a user with Create subscription or Update subscription.
- Delete user - deletes the user and all subscriptions.
OneSignal allows you to target devices directly by data filters if you don't want to create segments or don't plan to send many notifications to these filter combinations.
If you are looking to create a lot of Segments and do not want to go through our Dashboard GUI, you can use our Create Segments to do this quickly and later Delete Segments if you don't need them anymore.
Bulk export user and subscription data with Export CSV of Players.
Pull message data with View notifications or individually with View notification. The response will contain the properties sent in each message request and the messages current analytics. Analytics > Message Tracking for details.
- Export CSV of Events - generates a CSV of event data (clicked, received, sent, etc) for a specific message.
OneSignal houses related Mobile Apps and Websites under a single OneSignal App. If you have many apps and/or websites that are not related, you can use the Create an app endpoint to generate OneSignal App Ids for each platform quickly.
Responses are usually generated within a couple seconds. However, in extreme cases, they can take longer.
OneSignal will wait 30 seconds for a response before automatically canceling the request. To verify no duplicate requests go through, you can add an Idempotent Key with the
Our API does not require any certs to be used, but if you require it, there are two options. Note that Cloudflare hosts and manages our certs and so may rotate them periodically.
echo -n | openssl s_client -connect api.onesignal.com:443 \ | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$SERVERNAME.pem
If you get the full cert chain then the root cert will be the first one in the list. You would not have to change that one or worry if Cloudflare changes it because those root certs have to be copied into the root trust stores of billions of machines.
See Cloudflare's guides on managing certs: https://support.cloudflare.com/hc/en-us/categories/200276247-SSL-TLS
Updated about 1 month ago