OneSignal's RESTful API is based on the REST architecture and provides robust features that can be used for the operations below.


The OneSignal API is accessed using an HTTPS connection with TLS 1.2 support or higher on standard port 443.

Firewalls and proxies must allow outbound HTTPS traffic on port 443 to connect to our REST API. See the FCM and APNS requirements below as well.

We recommend whitelisting HTTPS traffic to any public IP address or allow Be sure your DNS cache respects OneSignal's TTL of 300 seconds to avoid making requests to stale IP addresses.

IP Addresses: OneSignal uses Google Cloud Platform (GCP) data centers located in Groningen, Netherlands. There is a wide range of IPs that can be used and these may change. For the most up-to-date list, you can check here for scope: europe-west4 . Below is the updated list as of April 10, 2024. You can copy-paste the following IP ranges to your allowlist (make sure to include your own IP Address if you have not!):,,,,,,,,,,,,,,,,2600:1900:4060::/44

FCM (Google Android and Chrome Push Notifications)

Google's Firebase Cloud Messaging (FCM) uses ports 5228, 443, 5229, and 5230. You should allow devices to connect with FCM using these ports and no IP restrictions.

For more details, see FCM's documentation:

APNS (Apple iOS, iPadOS, Safari Push Notifications)

Apple's Push Notification Service (APNs) uses ports 5223, 443, and 2197. You should allow devices to connect with APNs using these ports and no IP restrictions. If you need to set up server and IP restrictions, then make sure to allow access to:

  • Development server:
  • Production server:
  • Access to entire IP range:

For more details, see Apple's documentation:

Send Messages

Programmatically deliver push notifications, emails, and SMS from your server.

Create, Update, View, & Delete Templates

Templates are reusable push, email, and SMS messages that can be created, updated, viewed, and deleted through the dashboard or API.

For example, your marketing team can create the template in the dashboard and your developers can pull the template_id to use with Create notification or pull stats with View notifications.

Create, Update, View, & Delete Users

See Users and Subscriptions for details. Each User will have their own OneSignal ID, but you can also look up by Aliases & External ID that you set.

Create, View, & Delete Segments

OneSignal allows you to target devices directly by data filters if you don't want to create segments or don't plan to send many notifications to these filter combinations.

If you are looking to create a lot of Segments and do not want to go through our Dashboard GUI, you can use our Create Segments endpoint to do this quickly, and later use Delete Segments if you no longer need them.

Export User and Message Data

Bulk export user and subscription data with Export CSV of Players.

Pull message data with View notifications or individually with View notification. The response will contain the properties sent in each message request and the message's current analytics. See Analytics > Message Tracking for details.

  • Export CSV of Events - generates a CSV of event data (clicked, received, sent, etc.) for a specific message.

Create, Update, & View Apps

OneSignal houses related Mobile Apps and Websites under a single OneSignal App. If you have many apps and/or websites that are not related, you can use the Create an app endpoint to generate OneSignal App Ids for each platform quickly.

You can later Update an app or View an app / View apps.


What are the API Rate Limits?

See Rate Limits & Disabled Apps.

What is the response timeout for API endpoints?

Responses are usually generated within a couple seconds. However, in extreme cases, they can take longer.

OneSignal will wait 30 seconds for a response before automatically canceling the request. To ensure no duplicate requests go through, you can add an Idempotent Key with the external_id parameter.
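The retry pattern this implies, as an added example that is not OneSignal's own code: the external_id is generated once and reused on every retry, so a request that timed out after being processed is not sent as a second message. The `post` transport callable, the `FakeApi` stand-in and its deduplication behaviour, and the sample payload are assumptions constructed for illustration.

```python
import socket
import uuid

REQUEST_TIMEOUT_S = 30  # per the page: a request is canceled after 30 seconds


def send_with_idempotent_retry(post, payload, max_attempts=3):
    """Send `payload` via `post`, retrying timeouts under one external_id.

    `post(body, timeout)` is a hypothetical transport callable supplied by the
    caller; it returns the decoded response or raises a timeout error.
    """
    # Create the key once, outside the retry loop. A fresh key per attempt
    # would make every retry look like a brand-new message.
    key = payload.get("external_id") or str(uuid.uuid4())
    body = dict(payload, external_id=key)
    last_error = None
    for _ in range(max_attempts):
        try:
            return key, post(body, REQUEST_TIMEOUT_S)
        except (TimeoutError, socket.timeout) as exc:
            last_error = exc  # outcome unknown: it may have been processed
    raise RuntimeError(f"gave up after {max_attempts} attempts") from last_error


class FakeApi:
    """Constructed stand-in for the server, used only to run the example.
    It processes the first request but loses the response, then answers the
    retry. Deduplicating by external_id is an assumed behaviour."""

    def __init__(self):
        self.delivered = {}  # external_id -> message id
        self.calls = 0

    def post(self, body, timeout):
        self.calls += 1
        key = body["external_id"]
        first_time = key not in self.delivered
        if first_time:
            self.delivered[key] = f"notif-{len(self.delivered) + 1}"
        if self.calls == 1:
            raise TimeoutError(f"no response within {timeout}s")
        return {"id": self.delivered[key], "duplicate": not first_time}


if __name__ == "__main__":
    api = FakeApi()
    key, resp = send_with_idempotent_retry(api.post, {"contents": {"en": "hi"}})
    print(key, resp, "messages created:", len(api.delivered))
```

Store the returned key alongside the job that triggered the send so that a retry after a process restart reuses it as well.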

How can I get OneSignal's certificates for my API?

Our API does not require any certs to be used, but if you require it, there are two options. Note that Cloudflare hosts and manages our certs and so may rotate them periodically.

Option 1. Download the .pem file

For example:

echo -n | openssl s_client -connect \

If you get the full cert chain then the root cert will be the first one in the list. You would not have to change that one or worry if Cloudflare changes it because those root certs have to be copied into the root trust stores of billions of machines.

Option 2. Lower your restrictions

See Cloudflare's guides on managing certs: