In Google Firebase pricing (https://firebase.google.com/pricing/) table states:
The Spark plan only allows outbound network requests to Google-owned
services.
Does it mean that JS function in web browser (client) page can't call Firebase function and retrieve data in FREE TIER?
firebaser here
Good catch, that piece of documentation probably should be clarified.
Inbound requests are allowed, as long as you're within your allowed quota. So your app can call a Cloud Function.
Outbound requests for projects on the free plan are only allowed to Google-owned services. So your Cloud Function code can only call google owned web APIs, unless it's on a paid plan.
Update: the above applies up to Node.js runtimes up to v8. From Node.js 10 and upwards your Firebase project needs to be on a paid plan to be able to use Cloud Functions. For full details on this, see the Firebase FAQ on Cloud Functions pricing.
At lowest possible costs (USD 11.53) it is better to have Blaze plan and use REST calls to Firebase functions freely:
no, they do not talk about JavaScript Functions, they talk about serverless computing functions
https://firebase.google.com/features/functions/
theses functions can make only make http calls to Google Services and e.g. not to Yahoo or Amazon services
Related
I have to build an API using Firebase, and need some help with design choices. I want to be able to sell the API to users, who can then use it to build/integrate their own applications. Users will have both read and write privileges.
General information:
I'm using Firestore db with email & password authentication.
Only specifically assigned users may use the API
Each user may only access specific documents concerning them.
I've noticed 3 different ways in which an API can be provided to a user of my Firestore db:
https triggered cloud functions (https://firebase.google.com/docs/functions/http-events)
Using the SDK (https://firebase.google.com/docs/firestore/client/libraries)
Using the REST API provided by Firbase (https://firebase.google.com/docs/firestore/use-rest-api)
API requirements:
Used only by users that I specifically grant access to (email & password login)
I want to limit these users to only a couple of read/write tasks that they're able to perform.
It needs to be safe.
My current approach is:
Use the 3rd option - the REST API provided by Firebase (thereby giving users the projectId and API key)
Add authorised users to the list of authorised accounts on Firbase, and limit access using custom claims and database rules.
My questions:
It seems that https functions (option 1) are normally used in API building. Are options 2 and 3 unsafe?
What are the normal use cases of the 3 options? When should each be used and when should each be avoided?
Are there any obvious flaws in my choice of option 3?
Any other useful information about making these design decisions will be much appreciated.
Thank you in advance
TL;DL: It depends on what you want to do with this API and how many and what type of devices/users will be calling it.
Before answering your questions I will list below the advantages of each approach:
Cloud Functions:
Cloud Function is a Functions as a Service Solution, so it's also a hosting service for your API, therefore you won't have to provision, manage, or upgrade servers and the API will automatically scale based on the load. Also this option takes into account the pros of SDKs and client libraries, since your code will have to use it to connect to Firestore anyway.
SDKs and client libraries:
This is the easiest and more optimized way to reach Firestore, however, environments where running a native library is not possible such as IOT devices will be left out of your solution, so consider this while implementing this option.
Cloud Firestore REST API:
Every device properly authorized to access Firestore will be able to do so.
NOTE: For both SDK and REST API you will need to consider hosting of your API, either on Cloud Functions, as mentioned, App Engine Standard, App Engine Flex or a Compute Engine Server Instance.
All that being said, it's up to you and your API's usage and requirements to say which option is best considering the points above.
As per security, I'd say that all option can be secure if firebase rules and firebase auth are set correctly.
I'm teaching myself to use Flutter and I'm making an app that queries The Movie Database API. Currently, I'm having the client query the API on launch but I'm thinking this is not the most efficient way of doing it, and I would rather have the client query a backend service like Firebase to get the same data.
I would appreciate some guidance into where to start in order to setup a periodical process to query the API and use the results as entries into a Firestore DB. I've looked online but I might be using suboptimal keywords since I haven't found a good tutorial or example for this.
Thanks.
You can use Firebase Cloud Functions to build code that runs on Firebase servers to fill your Firebase database, but you can only make HTTP requests to non-Google addresses if you use a paid plan.
https://firebase.googleblog.com/2017/03/how-to-schedule-cron-jobs-with-cloud.html explains how to invoke periodic tasks with Cloud Functions. It utilizes Google AppEngine for that because Cloud Functions doesn't provide that out of the box.
I'm building a SAAS project on Firebase and weighing the pros and cons of multi-tenant architecture vs managed Firebase instances for each account.
One of the key challenges with managed instances is reporting usage. I've searched through Firebase docs but have not been able to find an API endpoint to fetch a Firebase project's account usage (eg bandwidth, function invocations, storage, etc).
Is there a API that I'm missing or is this alternatively possible with core Google Cloud APIs?
firebaser here
We just added a REST API to manage projects and the apps in those projects. But there is currently no way to report usage for a project across all Firebase products. It sounds like a useful feature through, so I recommend filing a feature request.
Until a feature is added that fits your needs, you will have to do the tracking from within your own app, or by proxying the tracked functionality through Cloud Functions, where you can then log whatever you need for tracking usage.
What is the scope of implementing a micro-service architecture using firebase cloud functions? Is it a correct way to do it or is it a step backward. As we have seen fire base is built to be server less application back-end, But with multiple triggers and support for HTTPS should we try to get back to micro services. Just to try I have implemented multiple services on firebase cloud functions which had multiple URLs, they had a really good response time averaging at 500ms
This is a very challenging question to answer. It is not a step backward, you can think of Cloud Functions as a tool that you can use along with other technologies to implement your microservice strategy. For instance, if you are going to be leveraging the Firebase Database, and other features within Firebase then it makes sense to use the Cloud Functions for Firebase.
Let's say you don't want to use Cloud Functions for Firebase and you choose another technology such as Kubernetes or App Engine. First, you'll have to add the firebase SDKs to that stack and make sure it can access your Firebase project. You get access for free in Cloud Functions for Firebase. Next, you will write the same code that you would implement in the Cloud Function. Finally, you will have additional steps for deploying those technologies. Leveraging Cloud Functions for Firebase will be quicker and more productive.
As time goes on it will become more apparent when to use an additional technology. I recently wrote a blog post about when I would choose Container Engine over Cloud Functions. This topic can become subjective since it's really based on your needs, features, and the technologies you are working with.
Cloud Functions vs Container Engine
I am using Firebase for my new project. This will be used on both Android and IOS. As you can guess I don't want to write the same code over and over again for both OS.
I am considering to code most of the work with Javascript on the cloud functions. In order to do that I need to use HTTP Requests to call my functions since firebase doesn't support any other way to call cloud functions.
There is two question in my head about this.
Is this possible and does it makes sense?
Since I've been using HTTP Requests all the time isn't that make my app open to listening with tools like Wireshark etc if there are multiple users on the same network? (I know Firebase now supports SSL but do I have to but a domain and license for that?)
What is the best way to do it in an engineer's perspective?
You can certainly move more of your app logic into Cloud Functions. But it's not really true that the only way to invoke a Cloud Function is via HTTP. You can also push data into your database to invoke a database trigger. I gave a talk on this at Google I/O yesterday about how I made a game with all the logic in Cloud Functions. You can watch it here.