Firebase FCM vs OneSignal vs Pusher 2026
Firebase FCM vs OneSignal vs Pusher 2026
TL;DR
Firebase FCM is the right choice if you're already in the Google ecosystem — zero cost, native Android integration, and unlimited sends. OneSignal wins on feature richness: 12 billion messages daily, rich targeting, and A/B testing at a free tier that covers most early-stage apps. Pusher Beams targets a narrower use case — authenticated, transactional push for apps where security and reliability matter more than marketing features.
For most mobile apps, start with OneSignal (free, cross-platform, analytics included) or FCM (free, minimal overhead if you're already on Firebase). Move to Pusher Beams when you need E2E encryption or device-level security guarantees.
Key Takeaways
- Firebase FCM delivers unlimited push at zero cost — no message limits, no device caps, no free-tier restrictions on Android or iOS
- OneSignal sends 12B+ messages daily across 2M+ developer accounts — the largest push network outside Google/Apple themselves
- Pusher Beams charges $29/mo for 1,000 active devices — 8-10x pricier than alternatives, but offers E2E encryption that neither FCM nor OneSignal provides
- FCM requires Google Play Services on Android — a real limitation for users in China and privacy-focused OSes (GrapheneOS, CalyxOS)
- OneSignal's free tier includes web push, iOS, Android, Chrome, Firefox, and Edge — true cross-platform from day one
- All three support iOS APNs and Android FCM delivery — the difference is in the abstraction layer on top
API Overview
| Firebase FCM | OneSignal | Pusher Beams | |
|---|---|---|---|
| Primary Strength | Cost, Google ecosystem | Volume, targeting, analytics | Security, transactional delivery |
| Pricing | Free (unlimited) | Free → $19/mo Growth | $0 dev → $29/mo (1K devices) |
| iOS (APNs) | Yes | Yes | Yes |
| Android (FCM) | Native | Via FCM relay | Via FCM relay |
| Web Push | Yes (via Firebase JS SDK) | Yes | Yes |
| Segmentation | Basic (topics/groups) | Advanced (100+ filters) | Interests-based |
| A/B Testing | No | Yes (Growth plan) | No |
| E2E Encryption | No | No | Yes |
| Analytics | Basic delivery receipts | Rich (opens, clicks, revenue) | Basic delivery logs |
| SDK Languages | JS, Swift, Kotlin, Unity | 12+ SDKs | Swift, Kotlin, JS |
| REST API | Yes | Yes | Yes |
| SLA | No formal SLA | 99.9% (paid plans) | 99.9% |
| Self-Host | No | No | No |
| Open Source | Partial (Firebase SDK) | No | No |
Firebase FCM: Free and Native for Google Ecosystem
Firebase Cloud Messaging is Google's push notification infrastructure, delivered at zero cost with no message or device limits. For Android apps already using Firebase Auth, Firestore, or Analytics, FCM is the path of least resistance.
How FCM works
FCM operates as the conduit between your server and end devices. Your server sends a message to FCM's API with a device token; FCM routes it through Google's global infrastructure to the target device. On Android, the message arrives via a persistent Google Play Services connection. On iOS, FCM relays through APNs. For web, FCM uses the Web Push protocol.
The Firebase Admin SDK — available for Node.js, Python, Java, Go, C#, and PHP — handles authentication and message construction. Sending a notification is straightforward:
const { initializeApp } = require('firebase-admin/app');
const { getMessaging } = require('firebase-admin/messaging');
initializeApp();
const message = {
notification: {
title: 'Order shipped',
body: 'Your order #1234 is on the way',
},
token: deviceToken,
};
const response = await getMessaging().send(message);
FCM v1 API (the current version, replacing the deprecated Legacy API as of June 2024) uses OAuth 2.0 with short-lived tokens — more secure than the static server keys of the legacy API. Teams still on the legacy API must migrate by August 2026 when Google drops support entirely.
FCM's real-world limitations
Google Play Services dependency. On Android, FCM delivery requires Google Play Services. Devices without it — primarily users in China (Huawei, Xiaomi, OPPO without GMS), and users on privacy-hardened ROMs — won't receive FCM messages. This is a showstopper for apps targeting Chinese Android markets, where manufacturers use proprietary push channels (Huawei Push Kit, Xiaomi Mi Push) instead.
Basic analytics. FCM's analytics tell you whether a message was delivered to the device and opened. They don't tell you click-through rate, time-to-open, revenue attribution, or comparative performance across segments. For growth teams that run notification campaigns, this gap pushes them toward OneSignal.
No built-in targeting. FCM topics and device groups provide basic fan-out, but there's no built-in segmentation engine. Sending to "users who haven't opened the app in 14 days" requires your own logic to build and maintain the token list — work that OneSignal's targeting engine handles natively.
OneSignal: Volume Leader with Full-Featured Free Tier
OneSignal is the largest independent push notification platform outside of Google and Apple. 12 billion messages daily, 2 million developer accounts, and a free tier that includes features most push platforms charge for.
What the free tier actually covers
OneSignal's free plan is genuinely useful:
- Unlimited devices across iOS, Android, Web Push, and desktop
- Unlimited notifications — no message caps
- Segmentation by country, language, session count, last active, and custom data attributes
- Delivery receipts and basic analytics (opens, clicks)
- A/B testing (limited to 2 variants on the free plan)
- 1 hour of delivery delay control (send now vs scheduled)
The Growth plan at $19/month adds unlimited A/B test variants, advanced analytics with revenue tracking, priority support, and increased API rate limits. For most consumer apps, the free tier lasts until you're at meaningful scale.
Developer experience
OneSignal's API surface is clean. Creating a notification:
curl -X POST https://onesignal.com/api/v1/notifications \
-H "Authorization: Basic YOUR_REST_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"app_id": "YOUR_APP_ID",
"headings": {"en": "Order shipped"},
"contents": {"en": "Your order #1234 is on the way"},
"filters": [
{"field": "tag", "key": "order_status", "relation": "=", "value": "shipped"}
]
}'
The filters array is where OneSignal earns its reputation. 100+ filter types cover user behavior, device properties, location, custom tags, and subscription status. Targeting users who opened the app at least 3 times, are in the US, and have a cart total above $50 is a single API call.
Delivery reliability at scale
OneSignal's infrastructure is purpose-built for notification delivery — not a side feature of a broader cloud platform. Their routing logic handles retry logic, token validation, platform-specific payload limits (4KB for APNs, variable for FCM), and quiet hours automatically.
At 12 billion messages daily, the infrastructure is proven under load. OneSignal publishes an open status page with historical uptime; the platform has maintained 99.9%+ uptime across rolling 30-day windows in 2025-2026. Compare this to building your own notification delivery layer — the operational burden of managing token expiry, platform-specific errors, and delivery receipts at scale is non-trivial.
OneSignal's limitations
No E2E encryption. Notification payloads pass through OneSignal's servers. For regulated industries (healthcare, finance) where notification content is sensitive — a patient's test result, an account balance — this is a disqualifying factor.
Data residency. OneSignal stores device tokens and notification history on their infrastructure. GDPR-compliant apps need to verify data processing agreements and may need EU data residency, which is available on their enterprise tier.
For apps that also need SMS, email, and in-app notifications coordinated through a single workflow, see Building a Communication Platform with Twilio, SendGrid, and Slack 2026 for the multi-channel architecture pattern.
Pusher Beams: Transactional Push with E2E Encryption
Pusher Beams is the narrowest product of the three — focused on authenticated, transactional push notifications where security and per-user targeting matter more than marketing analytics.
The security differentiator
Pusher Beams supports end-to-end encryption for notification payloads. The notification content is encrypted before it leaves your server and decrypted only on the target device — Pusher's infrastructure never sees the plaintext content. For apps handling medical data, financial information, or legal documents, this is a compliance-enabling feature neither FCM nor OneSignal can match.
The Beams "authenticated feeds" pattern is unique. Each user authenticates directly with your server before receiving push notifications — you control who receives what at the server level, with user-specific tokens that expire. This prevents the class of bug where a device token is stale or reassigned and a new user sees notifications meant for the previous device owner.
Device interests: topic-based targeting
Pusher Beams uses "device interests" — a simple pub/sub model where devices subscribe to named channels. Sending to all devices subscribed to a topic:
const PushNotifications = require('@pusher/push-notifications-server');
const beamsClient = new PushNotifications({
instanceId: 'YOUR_INSTANCE_ID',
secretKey: 'YOUR_SECRET_KEY',
});
await beamsClient.publishToInterests(['order-updates'], {
web: {
notification: {
title: 'Order shipped',
body: 'Your order #1234 is on the way',
deep_link: 'https://your-app.com/orders/1234',
},
},
apns: {
aps: {
alert: {
title: 'Order shipped',
body: 'Your order #1234 is on the way',
},
},
},
fcm: {
notification: {
title: 'Order shipped',
body: 'Your order #1234 is on the way',
},
},
});
The multi-platform payload in one call is clean. Pusher normalizes delivery across APNs, FCM, and Web Push — you specify platform-specific payloads when needed, or let the SDK handle defaults.
Pricing reality check
Pusher Beams pricing is device-based:
| Plan | Price | Active Devices |
|---|---|---|
| Sandbox | Free | 1,000 devices, 50 daily active |
| Starter | $29/mo | 1,000 active |
| Growth | $79/mo | 5,000 active |
| Scale | $149/mo | 25,000 active |
| Enterprise | Custom | Unlimited |
"Active device" means a device that received at least one notification in the billing month. At 1,000 active devices, Pusher Beams costs $29/month vs OneSignal's $0. The premium is justified only if E2E encryption or authenticated feeds are requirements — otherwise OneSignal's free tier covers the same delivery functionality.
Choosing the Right Push Notification API
Decision framework
Start with FCM if:
- Your app is already on Firebase (Auth, Firestore, Analytics)
- You're building Android-only with no marketing push requirements
- Zero cost is a hard constraint
- You'll handle your own segmentation and analytics
Start with OneSignal if:
- You need cross-platform (iOS + Android + Web) from day one
- You want targeting, A/B testing, and analytics without building custom infrastructure
- You're at early-to-growth stage and want the free tier to last as long as possible
- Notification campaigns (re-engagement, promotional) are part of your product roadmap
Choose Pusher Beams if:
- Notification payloads contain sensitive data requiring E2E encryption
- You're in a regulated industry (healthcare, finance, legal)
- Authenticated per-user push with expiring tokens is a security requirement
- Volume is low enough that per-device pricing doesn't hurt
Multi-channel context
Push notifications rarely exist in isolation. Production apps typically combine push with email (order confirmations), SMS (2FA, urgent alerts), and in-app notifications (real-time feeds). When evaluating push APIs, factor in whether the provider also handles other channels or whether you'll need a separate integration. OneSignal has expanded into email and in-app; FCM remains push-only; Pusher offers Channels (WebSockets) as a complementary real-time product.
For the SMS pairing decision, see Best SMS APIs for Developers 2026.
Summary: Which API Fits Your Stack
| Use Case | Winner | Why |
|---|---|---|
| Android-first app, Firebase already in use | FCM | Free, native, no added dependency |
| Multi-platform mobile app with growth focus | OneSignal | Cross-platform free tier, targeting, analytics |
| App with sensitive notification content | Pusher Beams | E2E encryption |
| Enterprise with custom SLA requirements | OneSignal Pro / Pusher Enterprise | Formal SLA available |
| Budget-constrained early-stage app | FCM or OneSignal free | Both cost $0 at launch |
| Re-engagement campaigns at scale | OneSignal | Best-in-class segmentation and A/B testing |
The push notification market has matured: FCM, OneSignal, and Pusher Beams each serve distinct segments well. The mistake is treating them as interchangeable — pick based on your security requirements, platform mix, and whether marketing features or raw delivery reliability is the priority.