Using a Postman to Access Firebase REST APIs

Question

Using a Postman to Access Firebase REST APIs

I am trying to use a postman to call the REST API for firebase. I was able to read from firebase when my security rule allows all users, including unauthorized ones.

but when I use this rule:

{"rules":{".read": "auth != null", ".write": "auth != null"}}

I get "error": "permission denied" from the postman. I made a request token for google web oauth2.0 and got a code authorization token.

I tried using the token in the URL and in the header, tried it with a GET and POST request, and still got a denial.

please, help. thanks in advance

+8

REST Firebase Firebase-database postman Firebase-realtime-database

Reno Wijoyo Jul 29 '16 at 14:55

source share

6

CodyBugstein · Answer 1 · 2016-11-11T21:23:34+0000

.

,

( ) → ( ) → ( ) → , bulltets

auth, .. .../mycollection.json?auth=HERE

Andre Evangelista · Answer 2 · 2016-10-29T03:17:05+0000

:

HTTPS://your-database-url/users.json AUTH = YOUR_AUTH_KEY

AUTH_KEY?

Project Settings → Database → Secret Key

Veeresh Charantimath · Answer 3 · 2016-07-29T17:53:53+0000

-

https://your-database-url/users.json?auth=YOUR_AUTH_KEY

Respone - JSON node

Morgan O'Neal · Answer 4 · 2017-08-23T02:40:17+0000

Postman Authentication: Bearer JWT. API Firebase Auth . https://gist.github.com/moneal/af2d988a770c3957df11e3360af62635

:

/**
 * This script expects the global variables 'refresh_token' and 'firebase_api_key' to be set. 'firebase_api_key' can be found
 * in the Firebase console under project settings then 'Web API Key'.
 * 'refresh_token' as to be gathered from watching the network requests to https://securetoken.googleapis.com/v1/token from 
 * your Firebase app, look for the formdata values
 * 
 * If all the data is found it makes a request to get a new token and sets a 'auth_jwt' environment variable and updates the 
 * global 'refresh_token'.
 * 
 * Requests that need authentication should have a header with a key of 'Authentication' and value of '{{auth_jwt}}'
 *
 * Currently the nested assertions silently fail, I don't know why.
 */
pm.expect(pm.globals.has('refresh_token')).to.be.true;
pm.expect(pm.globals.has('firebase_api_key')).to.be.true;

var sdk = require('postman-collection'),
  tokenRequest = new sdk.Request({
    url: 'https://securetoken.googleapis.com/v1/token',
    method: 'POST',
    body: {
      mode: 'urlencoded',
      urlencoded: [{
          type: 'text',
          key: 'key',
          value: pm.globals.get('firebase_api_key')
        },
        {
          type: 'text',
          key: 'grant_type',
          value: 'refresh_token'
        },
        {
          type: 'text',
          key: 'refresh_token',
          value: pm.globals.get('refresh_token')
        },
      ]
    }
  });

pm.sendRequest(tokenRequest, function(err, response) {

  pm.test('request for access token was ok', function() {
    pm.expect(response).to.be.ok();
  });

  const json = response.json();
  pm.expect(json).to.an('object');

  pm.test('response json has needed properties', function() {

    pm.expect(json).to.have.own.property('access_token');
    pm.expect(json).to.have.own.property('token_type');
    pm.expect(json).to.have.own.property('refresh_token');

    const accessToken = json.access_token;
    const tokenType = json.token_type;
    const refreshToken = json.refresh_token;

    pm.environment.set('auth_jwt', tokenType + ' ' + accessToken);
    pm.globals.set('refresh_token', refreshToken);

  });

});

sud007 · Answer 5 · 2018-08-30T17:35:54+0000

:

1 URL

https://YOUR_PROJECT_URL.firebaseio.com/YOUR_STRUCTURE/CLASS.json

2 API auth

auth = API_KEY

:

rahulkesharwani · Answer 6 · 2019-05-25T20:10:52+0000

. , , ( - ).

Postman - Google OAuth2. , .

1: Service-Accounts.json

2. Java ( , )

:

implementation 'com.google.api-client:google-api-client:1.25.0'

<dependency>
   <groupId>com.google.api-client</groupId>
   <artifactId>google-api-client</artifactId>
   <version>1.25.0</version>
 </dependency>

( Google Javadocs)

   // Load the service account key JSON file
     FileInputStream serviceAccount = new FileInputStream("path/to/serviceAccountKey.json");

     GoogleCredential scoped = GoogleCredential
     .fromStream(serviceAccount)
     .createScoped(
         Arrays.asList(
           "https://www.googleapis.com/auth/firebase.database",
           "https://www.googleapis.com/auth/userinfo.email"
         )
     );
     // Use the Google credential to generate an access token
     scoped.refreshToken();
     String token = scoped.getAccessToken();
     System.out.println(token);

Using a Postman to Access Firebase REST APIs

1: Service-Accounts.json

2. Java ( , )

3:

More articles: