We are getting intermittent 401 Unauthorized errors from Google's GCM service. In the past it worked 100% of the time. The problem might coincide with our routers accepting IPv6 traffic, but the problem remains now even if we disable IPv6 on the adapter. It also doesn't work on a separate IPv4 only network. We also retry our requests using Google's recommended exponential back-off (http://developer.android.com/google/gcm/adv.html#retry), so the problem could have been developing over time and we might have not noticed.

All the production IPv4 and IPv6 addresses we've tested on are listed in our project at: https://console.developers.google.com

Here is what our key looks like, we've got our entire publicly accessible subnet listed for testing, but I've tried with just single IP addresses as well.

enter image description here

Sometimes it works:

C:\Users\Administrator>curl --header "Authorization: key=REDACTED" --header Content-Type:"application/json" https://android.googl
eapis.com/gcm/send  -d "{\"registration_ids\":[\"test\"],\"data\":{\"code\":123}
}" -k

But, sometimes we get this response:

C:\Users\Administrator>curl --header "Authorization: key=REDACTED" --header Content-Type:"application/json" https://android.googl
eapis.com/gcm/send  -d "{\"registration_ids\":[\"test\"],\"data\":{\"code\":123}
}" -k
<H2>Error 401</H2>

Minor Update (4/10/2014)

Changing the settings to "Any IP allowed" fixes the problem, but changing to any other IP address or addresses breaks it again.

  • 2
    Facing the same problem here, but changing settings to "Any IP allowed" does not fix it. Dec 9, 2014 at 9:37
  • 3
    I'm voting to close this question as off-topic because it's a service reliability issue.
    – rds
    Nov 3, 2015 at 21:52
  • I think it falls squarely within the guidelines as a question about "software tools commonly used by programmers" or "a practical, answerable problem that is unique to software development", as the GCM service is used by most android apps. I see that I don't have an explicit question now, but I think it's implied that I am asking if anyone else with a similar setup has experienced this issue and how they worked around it. Either with a setting change or a programmatic solution like exponential back-off.
    – Jake Braun
    Nov 4, 2015 at 1:32

1 Answer 1


Regenerate the server key by leaving the ip address field as blank solved the issue.

  • Not providing an IP address does "solve" the problem, and I added that to the question. However, our goal is to use the IP address restriction as suggested by Google in their docs, "... To prevent quota theft, restrict your key so that requests are only allowed from your servers' source IP addresses." See: Developers Console - API keys
    – Jake Braun
    Nov 30, 2015 at 18:51

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Not the answer you're looking for? Browse other questions tagged or ask your own question.