Google GCM, token vs registration id

Question

I am confused on relationship between registration id and tokens. In the tutorial for GCM from Google, we register for a registration id in the beginning. However, we also get a token. Now, in the diagrams, we send the registration id to the targeted server. However, do we also send the token? I know that the token is derived from the registration id. Is the token used as an authentication mechanism between GCM and the app and the server never knows about the token?

Answer 1

GCM now uses the concept of an InstanceID which represents a single install of an app on a device (Android or iOS). Each InstanceID can issue several tokens. These tokens are used to identify the InstanceID and can expire and be refreshed.

On the client device, you initialize an InstanceID, then with that InstanceID you generate a token (registration token). You send that token to your server, which uses the token to send messages to the InstanceID (installed application). If that token is invalidated for any reason like the application is uninstalled or the token is compromised, a new token should be generated and sent to your server.

Answer 2

If you are looking for a basic knowledge about Google Cloud Messaging, IMO, you can refer to the following:

Basically, you need to do the steps:

1. Create a new project at Google Developers Console . At this step, for simplicity, you just need to take note of 2 values: Project Number, which will be used as SENDER_ID in the client project; and API server key (created at Credentials), which will be used as API_KEY in the server project.
2. Create a new simple Android project for server side (with basic source code as my answer in the following links).
3. Create a new simple Android project for client side (with basic source code as my answer in the following links, I customized from the original source at Google Cloud Messaging - GitHub).
4. Run the client app, you will get the registration token (means that your device has successfully registered). Then, paste (hard-code) this token at CLIENT_REGISTRATION_TOKEN variable in server app (or write code to send this token to server app).

You can read more at the following questions, one of them you have read before with one of your previous questions:

1. How to implement a GCM Hello World for Android using Android Studio
2. Adding Google Cloud Messagin (GCM) for Android - Registration process

---

For more information:

Key Concepts from Google Cloud Messaging: Overview

Credentials

• Sender ID A unique numerical value created when you configure your API project (given as "Project Number" in the Google Developers Console). The sender ID is used in the registration process to identify an app server that is permitted to send messages to the client app.
• API Key An API key saved on the app server that gives the app server authorized access to Google services. In HTTP, the API key is included in the header of POST requests that send messages. In XMPP, the API key is used in the SASL PLAIN authentication request as a password to authenticate the connection. You obtain the API key when you configure your API project.
• Registration Token An ID issued by the GCM connection servers to the client app that allows it to receive messages. Note that registration tokens must be kept secret.

Hope this helps!