This SDK works with immutable objects until noted otherwise. You can recognize these objects when they have a ˚`with*``method. In that case, please keep in mind that in order to get hold of the changes you made, you will have to use the result of that method, e.g. $changedObject = $object->withChangedProperty();.

Call to private/undefined method …

If you receive an error like

Fatal error: Uncaught Error: Call to private method Kreait\Firebase\ServiceAccount::fromJsonFile()

you have most likely followed a tutorial that is targeted at Version 4.x of this release and have code that looks like this:

$serviceAccount = ServiceAccount::fromJsonFile(__DIR__.'/google-service-account.json');
$firebase = (new Factory)

$database = $firebase->getDatabase();

Change it to the following:

$factory = (new Factory)->withServiceAccount(__DIR__.'/google-service-account.json');

$database = $factory->createDatabase();

PHP Parse Error/PHP Syntax Error

If you’re getting an error in the likes of

PHP Parse error: syntax error, unexpected ':', expecting ';' or '{' in ...

the environment you are running the script in does not use PHP 7.x. You can check this by adding the line

echo phpversion(); exit;

somewhere in your script.

Class ‘Kreait\Firebase\ …’ not found

You are probably not using the latest release of the SDK, please update your composer dependencies.

Call to undefined function openssl_sign()

You need to install the OpenSSL PHP Extension:

Default sound not played on message delivery

If you specified 'sound' => 'default' in the message payload, try chaning it to 'sound' => "default" - although single or double quotes shouldn’t™ make a difference, it has been reported that this can solve the issue.

cURL error XX: …

If you receive a cURL error XX: ..., make sure that you have a current CA Root Certificates bundle on your system and that PHP uses it.

To see where PHP looks for the CA bundle, check the output of the following command:


which should lead to an output similar to this:

array(8) {
    'default_cert_file' =>
    string(32) "/usr/local/etc/openssl/cert.pem"
    'default_cert_file_env' =>
    string(13) "SSL_CERT_FILE"
    'default_cert_dir' =>
    string(29) "/usr/local/etc/openssl/certs"
    'default_cert_dir_env' =>
    string(12) "SSL_CERT_DIR"
    'default_private_dir' =>
    string(31) "/usr/local/etc/openssl/private"
    'default_default_cert_area' =>
    string(23) "/usr/local/etc/openssl"
    'ini_cafile' =>
    string(0) ""
    'ini_capath' =>
    string(0) ""

Now check if the file given in the default_cert_file field actually exists. Create a backup of the file, download the current CA bundle from and put it where default_cert_file points to.

If the problem still occurs, another possible solution is to configure the curl.cainfo setting in your php.ini:

curl.cainfo = /absolute/path/to/cacert.pem

ID Tokens are issued in the future

When ID Token verification fails because of an IssuedInTheFuture exception, this is an indication that the system time in your environment is not set correctly.

If you chose to ignore the issue, you can catch the exception and return the ID token nonetheless:

use Firebase\Auth\Token\Exception\InvalidToken;
use Firebase\Auth\Token\Exception\IssuedInTheFuture;

$auth = $factory->createAuth();

try {
    return $auth->verifyIdToken($idTokenString);
} catch (IssuedInTheFuture $e) {
    return $e->getToken();
} catch (InvalidIdToken $e) {
    echo $e->getMessage();

“403 Forbidden” Errors

Under the hood, a Firebase project is actually a Google Cloud project with pre-defined and pre-allocated permissions and resources.

When Google adds features to its product line, it is possible that you have to manually configure your Firebase/Google Cloud Project to take advantage of those new features.

When a request to the Firebase APIs fails, please make sure that the according Google Cloud API is enabled for your project:

Please also make sure that the Service Account you are using for your project has all necessary roles and permissions as described in the official documentation at Manage project access with Firebase IAM.

MultiCast SendReports are empty

This is an issue seen in XAMPP/WAMP environments and seems related to the cURL version shipped with the current PHP installation. Please ensure that cURL is installed with at least version 7.67 (preferably newer, version 7.70 is known to work).

You can check the currently installed cURL version by adding the following line somewhere in your code:

echo curl_version()['version']; exit;

To install a newer version of cURL, download the latest release from . From the unpacked archive in the bin folder, use the file ending with libcurl*.dll to overwrite the existing libcurl*.dll in the ext folder of your PHP installation and restart the environment.

If this issue occurs in other environments (e.g. Linux or MacOS), please ensure that you have the latest (minor) versions of PHP and cURL installed. If the problem persists, please open an issue in the issue tracker.

Proxy configuration

If you need to access the Firebase/Google APIs through a proxy, you can specify an according HTTP Client option while configuring the service factory: HTTP Client Options


In order to debug HTTP requests to the Firebase/Google APIs, you can enable the factory’s debug mode and provide an instance of Psr\Log\LoggerInterface. HTTP requests and responses will then be pushed to this logger with their full headers and bodies.

$factory = $factory->withEnabledDebug($logger);