Device Registration

To receive push notifications, a device must be registered against the caller's account.

Register a device

curl -X POST https://bard-pms-api.elivaas.com/api/push/register \
  -H "Authorization: Bearer $AUTH0_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "fcmToken": "fGxk...:APA91b...",
    "platform": "android",
    "deviceModel": "Pixel 8",
    "manufacturer": "Google",
    "osVersion": "14",
    "appVersion": "2.7.1"
  }'

Only fcmToken is required. The remaining fields are optional diagnostic metadata.

The caller is identified from the bearer token — you do not pass a user id. Re-registering an existing token is safe: it will be updated and reactivated.

Deregister a device

Use this on sign-out or when the user opts out of notifications:

curl -X POST https://bard-pms-api.elivaas.com/api/push/deregister \
  -H "Authorization: Bearer $AUTH0_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "tokens": ["fGxk...:APA91b..."] }'

The endpoint is idempotent and accepts multiple tokens at once. Tokens that have already been deregistered, or that were never seen, are silently ignored.

Token lifecycle

You don't need to clean up after dead devices. When Firebase reports a token as expired or invalid (e.g. the app was uninstalled), it is automatically deactivated on the next send. Just re-register from the client when a fresh FCM token is issued.