I'm trying to get an API key for a live chat plugin, but I can't get the key from Firebase.
No Web API Key for this project:
Any solution? Thanks!
Go to the authentication tab and enable a sign-in method (for example email/password). This will generate the web api key.
EDIT: as fen1ksss said: It seems this has been changed just recently. You don't actually need to toggle any of the providers to make it work.
there's been another small change: the authentication tab is now inside the "Engage" tab because google likes hide and seek. once there, follow as above.
Visiting https://console.firebase.google.com/u/0/project/project-id/settings/general/ where project-id is your project's id, should show you your api key written directly under your gcp resource location as "Web Api Key"
Also if you have gotten the config object from your firebase project before, your web api key is listed under the key "apiKey"
Related
I've added my project to firestore and I'm doing firestore google auth just fine.
My problem is firebase firestore.
It just doesn't work and I have no idea why.
I'm trying to do a simple add before doing the actual process for my app and it doesn't work.
here I implemented a simple function to add a user and then called it, doing it all in build function.
I get this in my console:
p.s.
"adding user" is printed on console.
p.s.
I do have the firebase_options.dart file.
These thing are you sure that the correct:
1.Using correct google_services.json file
2.Edit Fire store rules if you are not using authorization
You have to manually whitelist your existing Google OAuth 2.0 client IDs in the Firebase console before using it with the new Auth APIs.
In order to do so, follow these steps:
Go to the Credentials section in the Google API Console.
Select from the top right corner the project where you had previously configured Google Sign-In.
Go to the OAuth 2.0 client IDs section
If you are using Google Sign-In on Android or iOS applications:
Take note of the Client ID string corresponding to all the entries registered for your applications.
Input these Client IDs into your Firebase project’s configuration:
Go to the Firebase console at https://console.firebase.google.com
Open the Auth section
Under Sign-In methods, open the Google configuration, and add there all you client IDs, to the whitelist of client IDs from external projects.
If you are using Google Sign-In on a web application:
Click to open your web client ID and take note of both the client ID and secret.
Input this Client ID into your Firebase project’s configuration:
Go to the Firebase console at https://console.firebase.google.com
Open the Auth section
Under Sign-In methods, open the Google configuration, and add the values under the Web SDK configuration section.
I developed an app to test the google login feature using flutter and google authentication. The project is a closed project and only I have access to it. But recently I saw that there was a google sign in from an unknown Email ID. How did the user login without the build of my app? Has my account been hacked? What is going on?
Anyone with knowledge of your project's API Keys can access your Firebase Project using simple CURL Commands.
This is why it's a good idea to add restriction to those API Keys
In case you haven't, go to https://console.cloud.google.com and
Select your project
Click the menu icon at the top left (hamburger icon)
Go to API & Services and then credentials
You can view the APIs for your Google Cloud Project (linked to your Firebase Project) and then set restrictions for the API keys, refresh them or restrict access to specific platforms like Android or iOS.
You can also set restrictions on which components of Firebase the API key is allowed to access. For example, if your project doesn't require the use of Cloud Firestore, you can ensure that the API Key cannot be used to make calls to the Firestore Database
All said and done, I would still recommend that you shoot a mail to the Firebase Support team at https://firebase.google.com/support/troubleshooter/contact
To anyone still wondering about this:
If you provide a native google sign in and the registered
email adresses look like this:
karolynmccorkle.91842#gmail.com
normabrock.69306#gmail.com
guillermogeorge.53163#gmail.com
kylegomez.35423#gmail.com
opalbarrett.09499#gmail.com
they are probably test accounts used to generate Google Plays Pre-Launch reports.
You can read about it in the Play Console Help here.
If your app has a sign-in screen and you want the crawler to test the
sign-in process or the content behind it, you need to provide account
credentials.
Note that you do not need to provide credentials if your
app supports "Sign-in with Google,” which enables the crawler to log
in automatically.
I am trying to explore Cloud Storage JSON API V1, as mentioned in request, the GET request can be called with a key, I have tried many keys, I have created in credentials panel, but I am only getting keyInvalid or any other error, I want to know about this key, which API key Google Cloud Storage is using here
GET https://www.googleapis.com/storage/v1/b/wearableeot-39e6a.appspot.com?key={YOUR_API_KEY}
Thanks for help, I only want to know about this API Key.
I think you should follow the instructions you find here: https://cloud.google.com/storage/docs/json_api/v1/how-tos/authorizing#APIKey
In a nutshell, you should:
Go to the Credentials page in the Google Cloud Platform Console (not the Firebase console), for your project.
Click the "Create Credentials" drop-down box and choose "API key": you get the key in a dialog box.
Possibly restrict the key. See more infos here
I've just opened a Firebase Cloud Messaging project intended for Android push messages.
The gear icon shows one server key (obfuscated here for obvious reasons):
I would like to have more than one key, so I can distribute them to servers and developers and revoke compromised keys if necessary.
How do I manage (add and delete) server keys in Firebase?
Update:
As of the moment, the way it should be done in order to generate a new Server Key, as stated in the docs:
Starting from Sept. 2016 new server key can only be created in the Firebase Console using the Cloud Messaging tab of the Settings panel. Existing projects that need to create a new server key can be imported in the Firebase console without affecting their existing configuration.
For the project migration steps, see my answer here.
For generating Server Keys, there is no way to generate one in the Firebase Console. It can be done via the Google Developers Console:
Go to your Google Developers Console
On the left-pane, click on Credentials
Under the Credentials Tab, Click on Create Credentials
Select API Key
Steps retrieved from my answer here
After you select API Key, it will directly create an API key without asking what type of key (Server, Android, Browser, iOS) it is. It will only allow you to set some Restrictions that was visible depending on which API Key you intend to generate.
By default, the key generated has No Restrictions, this makes a key vulnerable, that's why it is highly encouraged for you to add a restriction for your API key. In this case, since you are using it for FCM (Server Key is needed), you must add an IP Address restriction and only allow specific server IP addresses.
With that said, I don't know how you plan to integrate multiple server keys to a single Firebase Project though. Why not just make use of the IP Addresses restriction and remove the server IP address that are deemed compromised?
It's not possible to have multiple cloud messaging server keys per project. I'd suggest you to have multiple Firebase projects for your application development staging environments.
If needed, you can then re-generate the server key in the Google Developer Console.
On the top-left corner of the screen, verify that the correct
project is selected.
On the left-side panel, click Credentials.
Under Credentials tab, click Server key (auto created by Google
Service).
Click Regenerate key button
A confirmation box will show up asking if you'd like to replace the current key, then click Replace key button.
Note that the new key will be available immediately. The current key will be deactivated permanently in 24 hours.
After all of these steps, you can check that the cloud messaging server key of your Firebase project is now updated.
In Firebase, the Server Key is auto-generated. If you check out the Firebase project in the Google Developer Console, it will be listed as such. You can then create more Keys from there (but will not be listed in the Firebase Console, from what I can tell).
Basically, you can better manage the keys thru the Google Developer Console.
Hope this helps!
You should avoid distributing API keys for the same project. If any one of those using the API keys are found to be abusing it then the entire project will be throttled, affecting all keys for the project.
If you do want to have multiple developers send notifications to your application then have each developer create a Firebase project then have the client register with each sender ID. You will still have the ability to rotate the API key for each developer, or have the client delete the token for a developer that you no longer want to receive messages from. This way any abuse from one developer does not negatively affect the project as a whole.
In Firebase, when we sign up , it gives us an API key for each firebase Url. But where is it used in a consuming application? The fireBase API does not provide any means to supply API Key.
Security : What prevents anyone to go ahead and write any object to the given firebase Url? How is the authorization managed?
You can generate your api key at https://console.developers.google.com/apis/credentials?project=[YOUR-PROJECT]
Replace [YOUR-PROJECT] with your proyect ID.
Find more information at https://support.google.com/cloud/answer/6158862
regards.
updated the links to the new Firebase website
Your question is very timely, as Firebase just announced its full security suite a few days ago.
There's a nice intro screencast and docs here: https://firebase.google.com/docs/database/security/
The "API Key" is the old name for a Firebase Secret. This is used to generate Authentication Tokens to prove to Firebase who users are. You can see docs on authentication here:
https://firebase.google.com/docs/auth/
Follow these steps:
Login to Firebase Console
Select your project
On the top left corner, you'll find Settings icon, click on Project Settings
For Web API key, you can find in General Tab
For Server Key, you can find under Cloud Messaging Tab