Creating an API with Firebase 3

I have a use case where I would like to create an API that allows users of my Firebase web application to access their part of the Firebase real-time database programmatically from the server.

I've explored a few options, but it would be great to get a recommendation on the best approach to promotion. Here is what I have tried so far:

  • Using a service account. Initially, I was thinking of giving users of my application access to a service account that they could set up on their servers to interact with the Firebase database in real time. I limited user access only to my part of the database, setting rules to allow read-only access on nodes with a specific userId. By giving users access to their users, users are allowed to write their node, but not more than one. This worked; however, I think that giving users access to the Firebase service account is very insecure and for this reason have now discounted it as a possible method.

  • Email / Password REST Auth. I came across this Firebase authentication message via REST: Using the email and password for authentication through the REST API [Firebase]. I've tested the method and it works, so I thought I could use it so that users could use their email address and password to log into Firebase programmatically from their servers, create a token using the method described above, and then access the Firebase database in real time using a token with regular REST requests - https://firebase.google.com/docs/reference/rest/database/#section-param-auth . Although I think this will work, I know that it uses an undocumented / unsupported API, so I would like to avoid it if possible.

  • Wrap the Firebase service account in AWS Lambda. The third option I tried is to wrap the Firebase service account worker with AWS Lambda and use the AWS API Gateway to create an API that requires the user to include their userId in the request; the service account worker running on AWS Lambda performs some validation on the request and then updates the real-time Firebase database. This is essentially the same as option 1, but it hides the credentials of the service account from the user, so I think it will be safe. The disadvantage of this approach is that I will be billed for real-time calls to the Firebase database and calls to AWS Lambda / API Gateway.

+4
1

tl; dr: # 2.

# 1 - , , , Google Cloud,

# 3 - . AWS API Gateway, Google Cloud Compute ( Cloud Function, ), Google Cloud Endpoints , , , , firebase auth. firebase auth API keys,, API. , uid firebase-admin, 1:1 API Key:Firebase UID .

# 2, , , , . , , , , , , - :)

+1
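
The validation step of option 3, combined with the "1:1 API Key:Firebase UID" mapping named in the answer, could look like the sketch below. This is an added example, not code from the question or the answer. It derives the UID from the presented API key instead of trusting a userId field in the request, and confines every write to that user's subtree. The `x-api-key` header name, the `users/<uid>` layout and the sample keys are assumptions.

```javascript
const nodeCrypto = require("node:crypto");

const keyHash = (k) => nodeCrypto.createHash("sha256").update(k, "utf8").digest("hex");

// Constructed sample table: hash of each issued API key -> exactly one Firebase UID.
// Only hashes are stored, so a leak of this table does not reveal usable keys.
const API_KEY_TO_UID = new Map([
  [keyHash("demo-key-alice"), "uid_alice"],
  [keyHash("demo-key-bob"), "uid_bob"],
]);

// Firebase keys may not contain . $ # [ ] / or ASCII control characters.
// Rejecting "." also rejects "." and ".." path segments.
const SEGMENT = /^[^.$#\[\]\/\x00-\x1f\x7f]+$/;

// Decide whether a request may proceed and which database path it maps to.
// The UID comes from the credential, never from a client-supplied field.
function authorize(request) {
  const apiKey = request.headers && request.headers["x-api-key"];
  if (typeof apiKey !== "string" || apiKey === "") return { status: 401 };
  const uid = API_KEY_TO_UID.get(keyHash(apiKey));
  if (!uid) return { status: 401 };
  const segments = String(request.path || "").split("/");
  if (!segments.every((s) => SEGMENT.test(s))) return { status: 400 };
  return { status: 200, uid, dbPath: ["users", uid, ...segments].join("/") };
}

// writeFn stands in for the privileged write made with the service account
// (with firebase-admin this would be admin.database().ref(dbPath).set(value)).
function handleWrite(request, writeFn) {
  const decision = authorize(request);
  if (decision.status !== 200) return decision;
  writeFn(decision.dbPath, request.body);
  return decision;
}

// Constructed demo run against an in-memory store.
const store = new Map();
const demo = handleWrite(
  { headers: { "x-api-key": "demo-key-alice" }, path: "settings/theme", body: "dark" },
  (p, v) => store.set(p, v)
);
console.log(demo.status, [...store.entries()]);
```

Because the service account bypasses database security rules, this check is the only access control on the write path in such a design.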

Source: https://habr.com/ru/post/1652759/

