How to use app secret with REST protocol to access firebase realtime database

0
votes

According to google documentation all request types of firebase realtime database can use App secret, but documentation only covers authentication by token.

Should be simple but i can't find an example for API version 3. Also it is not clear to me if App key will be accepted by rule "auth != null" since requests using App secret don't use any account and auth is filled with user information like userid(uid).

I tried many things but, since i don't have a reference point, i don't know if the errors i am getting are because the request is malformed (not specifying App secret properly) or because the request is ok but the rule reject it.

Resuming, what is the correct syntax for passing app secret and how rules apply to requests using app secret?

And yes, i am building a app Server, so app secret is not distributed.

1
firebasefirebase-realtime-databasefirebase-authentication

1 Answers

1
votes

Basically you want to access Firebase from your server side code if I understand correctly.

From new console click gear icon on top left corner, next to project name, and go to Permissions tab.

Permissions

That takes you to IAM-Admin page. There you need to go to Service Accounts tab.

Service Accounts

On top you have a plus sign and Create Service Account button. Click that and fill the form, and download JSON file. You'll use it in your server side code.

Be careful, accessing Firebase from server by using Service Account file gives full access without any limitations defined in Rules.

All of this is described in new docs: Add Firebase to your Server