0
votes

I want to use the REST API for Firestore using the following URL: https://firestore.googleapis.com/v1beta1/projects/{projectid}/databases/(default)/documents/products?key={apikey}

The current rule for the database is:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth.uid != null;
    }
  }
}

Even after providing the key, I'm getting the error "Missing or insufficient permissions."

2

2 Answers

1
votes

Passing a key parameter in the REST API doesn't have anything to do with security rules. The rule you're showing limits access to users in your app who are currently authenticated with Firebase Authentication and have a Firebase ID token:

Working with Firebase ID tokens

You can attain a Firebase ID token in two ways:

  • Generate a Firebase ID token using the Firebase Authentication REST API.
  • Retrieve a user's Firebase ID token from a Firebase Authentication SDK.

By retrieving a user's Firebase ID token, you can make requests on behalf of the user.

For requests authenticated with a Firebase ID token and for unauthenticated requests, Cloud Firestore uses your Cloud Firestore Security Rules to determine if a request is authorized.

If you're trying to authenticate with either a Firebase or OAuth token, you should pass it as described in the documentation:

Authenticating with an access token

After you obtain either a Firebase ID token or a Google Identity OAuth 2.0 token, pass it to the Cloud Firestore endpoints as an Authorization header set to Bearer {YOUR_TOKEN}.

Note that authenticating with a service account always bypasses all security rules. They only apply to Firebase users, or unauthenticated access.
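The flow described in the answer above, as an added example that is not part of the original answer or of Firebase's own code: sign in through the Firebase Authentication REST API, then send the returned ID token to Firestore as a Bearer header instead of relying on ?key=. The project ID, collection name, credentials and the unsigned sample token are constructed placeholders.

```python
import base64, json, urllib.parse, urllib.request

AUTH_URL = "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword"
DOCS_URL = ("https://firestore.googleapis.com/v1beta1/projects/{project}"
            "/databases/(default)/documents/{collection}")

def signin_request(api_key, email, password):
    """Firebase Auth REST sign-in. The API key only identifies the project."""
    body = {"email": email, "password": password, "returnSecureToken": True}
    url = AUTH_URL + "?" + urllib.parse.urlencode({"key": api_key})
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers={"Content-Type": "application/json"})

def firestore_request(project_id, collection, id_token=None):
    """GET a collection. request.auth is set in rules only if a token is sent."""
    req = urllib.request.Request(DOCS_URL.format(project=project_id, collection=collection))
    if id_token:
        req.add_header("Authorization", "Bearer " + id_token)
    return req

def token_uid(id_token):
    """Decode the payload WITHOUT verifying it (debug aid): 'sub' is request.auth.uid."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["sub"]

def list_documents(api_key, email, password, project_id, collection):
    """Live flow (needs network and a real user): sign in, then read with idToken."""
    with urllib.request.urlopen(signin_request(api_key, email, password)) as resp:
        id_token = json.load(resp)["idToken"]
    with urllib.request.urlopen(firestore_request(project_id, collection, id_token)) as resp:
        return json.load(resp)

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed, unsigned sample token so the request shape can be inspected offline.
SAMPLE_TOKEN = ".".join([_b64({"alg": "none"}), _b64({"sub": "constructed-uid-123"}), "sig"])

if __name__ == "__main__":
    req = firestore_request("demo-project", "products", SAMPLE_TOKEN)
    print(req.full_url)
    print("Authorization:", req.get_header("Authorization")[:30] + "...")
    print("request.auth.uid would be:", token_uid(SAMPLE_TOKEN))
```

A request built without id_token carries no Authorization header, which is the case that returns "Missing or insufficient permissions." under the rule in the question.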

0
votes

I am not sure how you are trying to use security rules on your project, but according to this documentation, I assume it is either Authenticated private or User private.

For Authenticated private you can use

allow read, write: if request.auth != null;

And for User private

allow read, write: if request.auth.uid == userId;

Naturally, for the latter you would have to send this userId in your URL as well.

Let me know if this fixes your issue with permissions.