Connect Retool to Firebase Cloud Messaging by adding a Firebase Resource in the Resources tab, authenticating with a Google service account JSON key, and selecting 'Cloud Messaging' as the service type in each query. You can then build a push notification admin panel to send targeted messages, manage FCM topics, and view delivery logs — all without leaving Retool.
| Fact | Value |
|---|---|
| Tool | Firebase Cloud Messaging |
| Category | Database |
| Method | Retool Native Resource |
| Difficulty | Intermediate |
| Time required | 25 minutes |
| Last updated | April 2026 |
Build a Push Notification Admin Panel with Retool and Firebase Cloud Messaging
Firebase Cloud Messaging is the standard infrastructure for mobile and web push notifications, but FCM's own console offers limited tooling for operations teams: you can't easily filter recipients by custom user properties, schedule batches, or log delivery alongside other operational data. Retool fills this gap by exposing FCM's full API through its native Firebase Resource, letting you build custom notification dashboards that match your exact workflow.
With a Retool–FCM integration, engineering managers and ops teams can send broadcast notifications to all users, target individual devices by registration token, publish to named topics, and condition messages to reach only specific platform segments — all through a polished internal tool backed by real user data from your database or CRM. You can combine FCM queries with a Firestore or PostgreSQL resource to display recent notification logs alongside send controls in the same Retool app.
The Firebase Resource in Retool is a unified connector: one resource configuration covers Firestore, Realtime Database, Authentication, and Cloud Messaging. You select the service type within each individual query rather than creating separate resources. This means teams already using Retool for Firebase data operations can add FCM notification workflows to the same app with no additional credential setup.
Integration method
Retool includes a built-in Firebase Resource that authenticates via a Google service account JSON key. Within each query you select the Firebase service — Firestore, Realtime Database, Auth, or Cloud Messaging — giving you access to FCM's message-sending and topic-management operations from a single configured Resource. All requests are proxied server-side through Retool, so your service account credentials never reach the browser.
Prerequisites
- A Firebase project with Cloud Messaging enabled in the Firebase console (Project Settings → Cloud Messaging tab)
- A Google service account with the Firebase Admin SDK role, and its JSON key downloaded (Firebase console → Project Settings → Service Accounts → Generate new private key)
- FCM registration tokens for the target devices, or named topics already subscribed by client apps
- A Retool account (Cloud or self-hosted) with permission to create and edit Resources
- Basic familiarity with Retool's query editor and component panel
Step-by-step guide
Create the Firebase Resource in Retool
Open your Retool instance and navigate to the Resources tab in the left sidebar. Click the blue Add Resource button in the top-right corner. In the resource type picker, scroll to the Google section and click Firebase. Retool will open the Firebase resource configuration form. In the 'Resource name' field enter a descriptive name such as 'Firebase Production' or 'FCM Admin'. This name appears in the query editor's resource dropdown, so choose something that clearly identifies the environment. For authentication, paste the entire contents of your Google service account JSON key file into the 'Service Account Key' text area. The JSON key looks like a large block starting with '{ "type": "service_account", "project_id": "...'. Retool encrypts this credential immediately on save and it is never exposed to end users or browser-side JavaScript. Leave the 'Database URL' field populated with your project's Realtime Database URL (format: https://your-project-id-default-rtdb.firebaseio.com) even if you primarily intend to use Cloud Messaging — Retool uses this value to identify the Firebase project. Click Save Changes. Retool will verify the connection by testing the service account credentials. If verification fails, double-check that the JSON key has not been truncated when pasting and that the service account has the Firebase Admin SDK Admin Service Agent role in your Google Cloud IAM console.
Pro tip: If you manage multiple Firebase projects (e.g., staging and production), create one Retool Resource per project. You can then switch between them in the query editor's resource dropdown without duplicating your app logic.
Expected result: A green 'Connected' indicator appears next to the Firebase resource in the Resources tab. The resource is now available as a data source option in Retool's query editor.
Create a Cloud Messaging query to send a push notification
Open your Retool app (or create a new one from the Apps tab). In the bottom Code panel, click the + New query button. In the query editor that opens, select your Firebase resource from the Resource dropdown. Retool will display a Firebase-specific query form. You will see a 'Service' dropdown near the top — click it and select 'Cloud Messaging'. The query form updates to show FCM-specific actions. From the 'Action type' dropdown, choose 'Send Message'. The form now presents input fields for the message payload. Fill in: - 'Registration tokens': Enter `{{ tokenInput.value }}` to bind to a text input component, or a raw token string for testing. - 'Title': Enter `{{ titleInput.value }}` to reference a title text input. - 'Body': Enter `{{ bodyInput.value }}` to reference a body text area. - 'Data' (optional): Add custom key-value pairs as a JSON object — for example, `{ "screen": "order_detail", "order_id": "{{ table1.selectedRow.id }}" }` to deep-link the notification to a specific screen. Set 'Run query on page load' to Off. This query should fire only when a user clicks a Send button, not automatically. In the 'On success' event handler, add a Show notification action with message 'Notification sent successfully' to give the operator confirmation. Click the Save button, then rename the query to 'sendFCMMessage' using the pencil icon next to its name.
1// FCM Message payload structure (shown in Retool's Data field for custom payloads)2{3 "notification": {4 "title": "{{ titleInput.value }}",5 "body": "{{ bodyInput.value }}"6 },7 "data": {8 "screen": "{{ screenInput.value }}",9 "record_id": "{{ table1.selectedRow.id }}"10 },11 "android": {12 "priority": "high"13 },14 "apns": {15 "headers": {16 "apns-priority": "10"17 }18 }19}Pro tip: To send to multiple tokens at once, Retool's FCM query accepts an array of registration tokens. Bind the field to `{{ userTable.selectedRows.map(r => r.fcm_token) }}` to send to all rows selected in a Table component.
Expected result: The query appears in the Code panel as 'sendFCMMessage'. When triggered manually via the Run button in the query editor, a test notification is delivered to the target device and a success response is returned.
Build the notification send form with Retool components
With your query configured, switch to the Canvas view to build the UI that operators will use. From the Component panel on the right, drag the following components onto the canvas and arrange them in a logical form layout: 1. A Text Input component — rename it 'titleInput'. Set its label to 'Notification Title' and placeholder to 'e.g., Your order has shipped'. In the Validation section, mark it as Required. 2. A Text Area component — rename it 'bodyInput'. Set its label to 'Message Body' and placeholder to 'Enter notification message text'. Mark as Required. 3. A Text Input component — rename it 'tokenInput'. Set its label to 'Device Registration Token(s)' and placeholder to 'Paste FCM token or use table selection'. For production use, you will replace this with dynamic binding from a user table query. 4. A Select component — rename it 'platformSelect'. Set its label to 'Target Platform' and populate Options with: All Platforms, Android Only, iOS Only, Web Only. This value can be passed into the FCM query's condition fields. 5. A Button component — set its label to 'Send Notification'. In the button's Event Handlers section, click + Add event handler, choose the Click trigger, select 'Trigger query', and pick 'sendFCMMessage'. Add a second event handler on Click to open a Confirmation modal component before firing, so operators cannot accidentally send notifications. Group the form inputs inside a Container component with a gray background to visually separate the send form from any data tables on the same page.
Pro tip: Use a Form component instead of individual inputs if you want Retool to automatically disable the Submit button when required fields are empty. Forms also reset their child inputs automatically after a successful query run when you enable 'Reset on submit'.
Expected result: The canvas shows a clean notification form with title, body, token, and platform fields, plus a Send Notification button. The button is connected to the sendFCMMessage query via an event handler.
Add a FCM topic management panel
FCM topics allow you to send a single message to all devices subscribed to a named channel — for example, 'breaking_news', 'order_updates_region_eu', or 'maintenance_alerts'. Retool's Firebase Resource exposes topic subscribe and unsubscribe operations as separate action types. Create a second query: click + New query in the Code panel, select your Firebase resource, set Service to 'Cloud Messaging', and set Action type to 'Subscribe to topic'. Name this query 'subscribeToTopic'. Set the 'Registration tokens' field to `{{ topicTokenInput.value }}` and the 'Topic name' field to `{{ topicSelect.value }}`. Create a third query with Action type 'Unsubscribe from topic', named 'unsubscribeFromTopic', binding the same component values. Create a fourth query with Action type 'Send Message', but this time set the 'Topic' field (instead of 'Registration tokens') to `{{ topicSelect.value }}`. Name it 'sendToTopic'. On the canvas, add a new section below the device-token form: - A Select component 'topicSelect' populated with your topic names (or bound to a Firestore query reading a 'fcm_topics' collection). - A Text Area 'topicTokenInput' for bulk token entry (one per line). - Two Button components: 'Subscribe' wired to the subscribeToTopic query, and 'Unsubscribe' wired to unsubscribeFromTopic. - A separate mini-form with title and body inputs ('topicTitleInput', 'topicBodyInput') and a 'Send to Topic' button wired to the sendToTopic query. Both subscribe/unsubscribe operations accept arrays, so you can bulk-manage topic membership. Parse newline-separated tokens in a transformer: `topicTokenInput.value.split('\n').map(t => t.trim()).filter(Boolean)`.
1// Transformer: parse newline-separated tokens into an array2const raw = topicTokenInput.value || '';3return raw.split('\n').map(t => t.trim()).filter(Boolean);Pro tip: Store your topic names in a Firestore collection called 'fcm_topics' so they are managed from a single source of truth. Query that collection to populate the Select component dynamically instead of hardcoding topic values.
Expected result: The canvas now shows a topic management section alongside the device-targeted send form. Topic subscribe, unsubscribe, and broadcast operations each have dedicated buttons wired to distinct FCM queries.
Log notification sends to Firestore for an audit trail
Production notification systems need an audit log showing who sent what, to whom, and when. Since FCM does not store send history itself, you will write a log record to a Firestore collection immediately after each successful send. Create a new query: click + New query, select your Firebase resource, set Service to 'Firestore', and set Action type to 'Add document'. Set 'Collection' to 'notification_logs'. In the 'Document data' field, enter a JSON object that captures the event: `{ "sent_at": {{ new Date().toISOString() }}, "sent_by": "{{ current_user.email }}", "title": "{{ titleInput.value }}", "body": "{{ bodyInput.value }}", "recipient_type": "device", "token_count": {{ tokenInput.value ? 1 : 0 }}, "status": "sent" }` Name this query 'logNotificationSend'. Set 'Run query on page load' to Off. Now chain the queries: go back to the 'sendFCMMessage' query, open its 'On success' Event Handler section, click + Add event handler, choose 'Trigger query', and select 'logNotificationSend'. This means the Firestore log write happens automatically every time a notification is successfully dispatched. Do the same for the 'sendToTopic' query, updating the 'recipient_type' field to 'topic' and including the topic name. Finally, add a Table component to the app bound to a Firestore query that reads recent notification_logs documents ordered by sent_at descending. This gives operators a live view of send history directly in the panel.
1// Firestore document data for notification log entry2{3 "sent_at": "{{ new Date().toISOString() }}",4 "sent_by": "{{ current_user.email }}",5 "title": "{{ titleInput.value }}",6 "body": "{{ bodyInput.value }}",7 "recipient_type": "device",8 "platform_target": "{{ platformSelect.value }}",9 "status": "sent"10}Pro tip: Use Retool's current_user.email and current_user.fullName variables to automatically attribute log entries to the operator who triggered the send — no separate input field required.
Expected result: Every successful notification send automatically creates a document in your Firestore 'notification_logs' collection. The log table on the canvas refreshes to show the new entry, giving operators a complete audit trail.
Restrict access with Retool permissions and test end-to-end
Push notification panels carry real operational risk — a single mis-targeted blast can damage user trust. Before deploying the app to your team, apply Retool's access controls to prevent unauthorized sends. Go to the Apps tab, find your notification panel, click the three-dot menu, and select Share. In the Permissions panel, restrict the app to specific Retool groups (e.g., 'ops-team' or 'growth-managers'). Engineers who need read-only access to the log table but should not trigger sends can be given Viewer permissions — in Viewer mode, buttons are visible but non-interactive. For an additional safeguard, edit the 'Send Notification' and 'Send to Topic' buttons: open each button's Event Handlers, check the 'Only show if' Condition box, and enter `{{ current_user.groups.includes('notification-senders') }}`. This conditionally hides the send controls for users who are not in the designated group. With permissions set, perform an end-to-end test: 1. Enter a test device token (use the FCM token from a development build of your app). 2. Fill in a test title and body. 3. Click Send Notification and confirm the modal. 4. Check the target device — the notification should arrive within a few seconds. 5. Verify the Firestore log table shows the new entry with your email as sent_by. For complex multi-audience notification campaigns involving multiple Resources, custom transformer logic, and Retool Workflows for scheduled sends, RapidDev's team can help architect and build your full notification operations system.
Pro tip: Use Retool Workflows on a schedule to send time-based notification campaigns (e.g., weekly digest messages) without requiring an operator to manually trigger the app. Configure a Workflow with a Schedule trigger that calls your FCM Resource query directly.
Expected result: The app is shared with the correct groups, send buttons are conditionally visible to authorized users only, and a full end-to-end send test delivers a notification to the target device and creates a corresponding Firestore log entry.
Common use cases
Build a targeted push notification sender for mobile app users
Create a Retool app that queries your user database for segments — by plan tier, last-active date, or geographic region — then sends targeted FCM messages to the matching device tokens. An ops agent can compose the title and body in text inputs, preview the message payload, and click Send, with confirmation modals preventing accidental blasts.
Build a Retool app with a Table showing user segments pulled from PostgreSQL, a form with Title and Body text inputs, a device token selector, and a Send Notification button that triggers an FCM 'Send Message' query to the selected tokens.
Copy this prompt to try it in Retool
Manage FCM topic subscriptions for broadcast campaigns
Build a topic management panel in Retool where admins can view existing topic names (pulled from a Firestore topics collection), add device tokens to a topic in bulk, and trigger topic-addressed notifications — ideal for broadcast marketing messages or service-status alerts that need to reach all subscribers of a channel.
Build a Retool admin panel with a topics dropdown, a bulk token input field, subscribe/unsubscribe buttons that call FCM topic management queries, and a 'Send to Topic' form that dispatches a notification to all subscribers of the selected topic.
Copy this prompt to try it in Retool
Monitor notification delivery with a combined FCM and Firestore dashboard
Create a Retool dashboard that logs every notification send event to a Firestore collection (including timestamp, recipient count, title, and body), then displays that history in a searchable Table component. Filter by date range, status, or notification type to audit campaigns and identify delivery failures.
Build a Retool notification history dashboard with a Firestore query reading from a 'notification_logs' collection, a Table component showing sent_at, title, recipient_count, and status, a date range picker for filtering, and a send form that writes to Firestore and triggers FCM in the same on-success handler.
Copy this prompt to try it in Retool
Troubleshooting
Resource test fails with 'Error: Could not refresh access token' or 'invalid_grant'
Cause: The service account JSON key has been revoked, expired, or the key was pasted with truncation or formatting errors. Google service account keys do not expire on a set schedule but can be manually revoked in the Google Cloud IAM console.
Solution: Go to Google Cloud Console → IAM & Admin → Service Accounts, select the service account, click the Keys tab, and check whether the key status shows as Active. If it shows Revoked or does not appear, create a new key, download the fresh JSON, and update the Retool Firebase Resource with the new key contents. Make sure you paste the full JSON block without extra whitespace or line breaks at the edges.
FCM send query returns 'INVALID_ARGUMENT: The registration token is not a valid FCM registration token'
Cause: The device registration token is malformed, belongs to a different Firebase project, has expired (tokens are periodically refreshed by client SDKs), or is a test token from a sandbox environment being used against a production FCM project.
Solution: Verify the token was generated by a client app linked to the same Firebase project as your service account. Registration tokens are long alphanumeric strings (typically 140-180 characters). If the token was stored in a database some time ago, it may have been rotated by the FCM client SDK — your mobile app should implement token refresh logic that updates the stored token whenever onTokenRefresh fires. For testing, use the Firebase console's Cloud Messaging test message feature to validate tokens independently.
The Firebase query editor shows Firestore options but not Cloud Messaging in the Service dropdown
Cause: Cloud Messaging as a service type appears in Retool's Firebase connector only when the Firebase project has Cloud Messaging enabled. If the project was created recently or Cloud Messaging was never activated, Retool may not display it as an option.
Solution: Go to the Firebase console for your project, navigate to Project Settings → Cloud Messaging tab, and confirm the Server key is present. If the Cloud Messaging tab is missing, your project may be on the Spark (free) plan — upgrade to Blaze to unlock FCM or verify the project was created correctly. After enabling, refresh the Retool resource and reopen the query editor.
Notifications are sent successfully (200 response) but never arrive on the device
Cause: The device token is valid but the device is offline, the app has notification permissions revoked at the OS level, the notification is being silently dropped by a Do Not Disturb or battery optimization setting, or the message TTL has expired before delivery.
Solution: Check the FCM console (Firebase Console → Cloud Messaging → Send test message) to confirm the token receives messages from outside Retool. On Android, verify the app has not been placed in a 'deep sleep' battery optimization group. On iOS, confirm notification permissions are granted in device Settings. Increase the FCM message TTL by adding `{ "android": { "ttl": "86400s" } }` to the message's platform configuration in the query's Data field to give FCM more time to deliver.
1// Add TTL and priority to FCM message data payload2{3 "android": {4 "ttl": "86400s",5 "priority": "high"6 },7 "apns": {8 "headers": {9 "apns-priority": "10",10 "apns-expiration": "{{ Math.floor(Date.now()/1000) + 86400 }}"11 }12 }13}Best practices
- Create separate Firebase Resources in Retool for each environment (development, staging, production) using distinct service account keys — never point your Retool admin panel at production FCM unless you intend sends to reach real users.
- Store the service account JSON key as a configuration variable in Retool Settings → Configuration Variables, marked as secret, then reference it in the resource configuration. This prevents the key from being visible in resource settings to non-admin Retool users.
- Always log notification sends to Firestore or your primary database in the same on-success handler that fires the FCM query — FCM itself provides no send history, so your app is the only record of what was sent and to whom.
- Implement confirmation modals on all Send buttons using Retool's built-in 'Confirm before running' toggle on event handlers — a single click should never immediately dispatch a mass notification without a second confirmation step.
- Validate registration tokens before passing them to FCM by checking that they are non-empty strings longer than 100 characters using a Transformer or query condition. Short or null tokens will return INVALID_ARGUMENT errors and clutter your logs.
- Use FCM topics for broadcast messages to large audiences rather than sending to thousands of individual tokens — topic sends scale more efficiently and reduce Retool query execution time for high-volume campaigns.
- Periodically audit your stored device tokens by cross-referencing FCM delivery reports. Tokens that consistently return UNREGISTERED or NOT_FOUND responses should be deleted from your database to keep your mailing list clean.
- Apply Retool group-based permissions to restrict who can trigger FCM send queries. Use the conditional visibility feature on Send buttons so that operators without the notification-sender role cannot accidentally fire off messages.
Alternatives
Use the broad Firebase Resource page if you need to manage Firestore data, Auth users, and Realtime Database alongside push notifications in a single Retool app — the FCM page focuses exclusively on the messaging operations.
Choose Twilio if your notification strategy centers on SMS or voice calls rather than in-app push notifications — Twilio's native Retool connector covers phone-based communications where FCM covers mobile and web push.
Use SendGrid when your primary notification channel is email rather than push — SendGrid's native Retool connector integrates transactional email delivery into the same ops panel.
Frequently asked questions
Does Retool's Firebase Resource work for both FCM v1 API and the legacy HTTP API?
Retool's native Firebase connector uses the Firebase Admin SDK internally, which targets the FCM v1 API (the HTTP v1 send endpoint). The legacy Cloud Messaging API was deprecated by Google in June 2024 and shut down in July 2024, so all new sends should use the v1 API. Retool's built-in connector handles this automatically — you do not need to specify the API version manually.
Can I send FCM notifications from a Retool Workflow on a schedule?
Yes. Retool Workflows use the same Resource system as apps, so you can add a Firebase Resource query block inside a Workflow with Service set to Cloud Messaging and Action type set to Send Message. Attach a Schedule trigger to run the Workflow at specific times — for example, to send a weekly digest notification every Monday morning. This is more reliable than relying on a user manually triggering the Retool app.
How many notifications can I send at once from Retool?
A single FCM Send Message query in Retool accepts up to 500 registration tokens per batch. If you need to reach more devices, use Retool Workflows with a Loop block to iterate over batches of 500 tokens from your user database. For very large audiences (100,000+), consider FCM topics or switching to a third-party notification platform designed for bulk delivery.
Does the Firebase Resource in Retool support FCM data messages (silent pushes) in addition to notification messages?
Yes. The FCM Send Message query in Retool includes a Data field where you can enter custom JSON key-value pairs. If you populate only the Data field and leave the notification Title and Body empty, FCM sends a pure data message that the client app receives silently without displaying an OS notification. This is useful for triggering background refreshes or app-state updates.
Do I need a separate Firebase Resource for FCM, or does one resource cover all Firebase services?
One Firebase Resource covers all Firebase services — Firestore, Realtime Database, Authentication, and Cloud Messaging. You select the service type (Cloud Messaging, Firestore, etc.) within each individual query. You only need multiple Firebase Resources if you are connecting to different Firebase projects, such as separate staging and production environments.
Can I use Retool to manage FCM topic subscriptions for users who signed up via my web app?
Yes, with an important distinction: Retool's Firebase Resource can call FCM's server-side topic management API to subscribe or unsubscribe registration tokens from topics. However, registration tokens for web push are generated by the Firebase JavaScript SDK running in the user's browser — you need to collect and store those tokens in your database first before Retool can act on them. The client-side token generation must happen in your web app, not in Retool.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation