firebase Cloud Json API using API KEY - firebase

I am trying to explore Cloud Storage JSON API V1, as mentioned in request, the GET request can be called with a key, I have tried many keys, I have created in credentials panel, but I am only getting keyInvalid or any other error, I want to know about this key, which API key Google Cloud Storage is using here
GET https://www.googleapis.com/storage/v1/b/wearableeot-39e6a.appspot.com?key={YOUR_API_KEY}
Thanks for help, I only want to know about this API Key.

I think you should follow the instructions you find here: https://cloud.google.com/storage/docs/json_api/v1/how-tos/authorizing#APIKey
In a nutshell, you should:
Go to the Credentials page in the Google Cloud Platform Console (not the Firebase console), for your project.
Click the "Create Credentials" drop-down box and choose "API key": you get the key in a dialog box.
Possibly restrict the key. See more infos here

Related

Web API Key missing in firebase

I'm trying to get an API key for a live chat plugin, but I can't get the key from Firebase.
No Web API Key for this project:
Any solution? Thanks!
Go to the authentication tab and enable a sign-in method (for example email/password). This will generate the web api key.
EDIT: as fen1ksss said: It seems this has been changed just recently. You don't actually need to toggle any of the providers to make it work.
there's been another small change: the authentication tab is now inside the "Engage" tab because google likes hide and seek. once there, follow as above.
Visiting https://console.firebase.google.com/u/0/project/project-id/settings/general/ where project-id is your project's id, should show you your api key written directly under your gcp resource location as "Web Api Key"
Also if you have gotten the config object from your firebase project before, your web api key is listed under the key "apiKey"

How can I access user data stored in Firebase using Google Assistant?

I have some user data stored in Firebase in users/userID/data
I'm using Dialogflow to recognize for example the following intent:
retrieve my email
which triggers a webhook and passes as parameter email, which is the data the user wants to retrieve. How to I pass the firebase userID? I guess I need to implement some kind of logging for the Google Assistant, but I cannot find how can I link the Firebase user account to google actions and how would I get this firebase userID
Is there a standard or recommend way to achieve this?
There is no pre-built solution for this right now.
You will need to implement Account Linking with the Google Assistant.It was done this way to give you, and your users, maximum flexibility. You'll be able to authenticate them using a variety of methods, not just Google Auth, and users are able to use a Google identity for you that may be different than the one they use for the Assistant. Account Linking will associate them without revealing to you which account they use on the Assistant.
This means creating an OAuth server that lets users log in using their Firebase account and issuing tokens to the Assistant. Google does provide some information about the procedure you should follow when creating your OAuth server, and you should be able to create this using Firebase Hosting and Firebase Cloud Functions.
Then, each time the Assistant calls your action, it will send the tokens back to you. You would use this token to determine the Firebase userid and then can look them up in the database.

Manage server keys in Firebase Cloud Messaging

I've just opened a Firebase Cloud Messaging project intended for Android push messages.
The gear icon shows one server key (obfuscated here for obvious reasons):
I would like to have more than one key, so I can distribute them to servers and developers and revoke compromised keys if necessary.
How do I manage (add and delete) server keys in Firebase?
Update:
As of the moment, the way it should be done in order to generate a new Server Key, as stated in the docs:
Starting from Sept. 2016 new server key can only be created in the Firebase Console using the Cloud Messaging tab of the Settings panel. Existing projects that need to create a new server key can be imported in the Firebase console without affecting their existing configuration.
For the project migration steps, see my answer here.
For generating Server Keys, there is no way to generate one in the Firebase Console. It can be done via the Google Developers Console:
Go to your Google Developers Console
On the left-pane, click on Credentials
Under the Credentials Tab, Click on Create Credentials
Select API Key
Steps retrieved from my answer here
After you select API Key, it will directly create an API key without asking what type of key (Server, Android, Browser, iOS) it is. It will only allow you to set some Restrictions that was visible depending on which API Key you intend to generate.
By default, the key generated has No Restrictions, this makes a key vulnerable, that's why it is highly encouraged for you to add a restriction for your API key. In this case, since you are using it for FCM (Server Key is needed), you must add an IP Address restriction and only allow specific server IP addresses.
With that said, I don't know how you plan to integrate multiple server keys to a single Firebase Project though. Why not just make use of the IP Addresses restriction and remove the server IP address that are deemed compromised?
It's not possible to have multiple cloud messaging server keys per project. I'd suggest you to have multiple Firebase projects for your application development staging environments.
If needed, you can then re-generate the server key in the Google Developer Console.
On the top-left corner of the screen, verify that the correct
project is selected.
On the left-side panel, click Credentials.
Under Credentials tab, click Server key (auto created by Google
Service).
Click Regenerate key button
A confirmation box will show up asking if you'd like to replace the current key, then click Replace key button.
Note that the new key will be available immediately. The current key will be deactivated permanently in 24 hours.
After all of these steps, you can check that the cloud messaging server key of your Firebase project is now updated.
In Firebase, the Server Key is auto-generated. If you check out the Firebase project in the Google Developer Console, it will be listed as such. You can then create more Keys from there (but will not be listed in the Firebase Console, from what I can tell).
Basically, you can better manage the keys thru the Google Developer Console.
Hope this helps!
You should avoid distributing API keys for the same project. If any one of those using the API keys are found to be abusing it then the entire project will be throttled, affecting all keys for the project.
If you do want to have multiple developers send notifications to your application then have each developer create a Firebase project then have the client register with each sender ID. You will still have the ability to rotate the API key for each developer, or have the client delete the token for a developer that you no longer want to receive messages from. This way any abuse from one developer does not negatively affect the project as a whole.

Firebase Cloud Messaging server key not displaying at Console

My server key is not displaying at my firebase Console. What configuration should I do?
This is a known issue and is being addressed. Usually you would get into this state when the API key automatically generated by the creation of the Firebase project is deleted from the Google Developer console. The Firebase console UI currently only shows the automatically generated server API key, and nothing if that key is deleted.
You can still use any valid server API key in the corresponding Google Developer project. So go to the Google Developer console and use one of the Server API keys there or create one if it does not exist.

Firebase - What is the API Key

In Firebase, when we sign up , it gives us an API key for each firebase Url. But where is it used in a consuming application? The fireBase API does not provide any means to supply API Key.
Security : What prevents anyone to go ahead and write any object to the given firebase Url? How is the authorization managed?
You can generate your api key at https://console.developers.google.com/apis/credentials?project=[YOUR-PROJECT]
Replace [YOUR-PROJECT] with your proyect ID.
Find more information at https://support.google.com/cloud/answer/6158862
regards.
updated the links to the new Firebase website
Your question is very timely, as Firebase just announced its full security suite a few days ago.
There's a nice intro screencast and docs here: https://firebase.google.com/docs/database/security/
The "API Key" is the old name for a Firebase Secret. This is used to generate Authentication Tokens to prove to Firebase who users are. You can see docs on authentication here:
https://firebase.google.com/docs/auth/
Follow these steps:
Login to Firebase Console
Select your project
On the top left corner, you'll find Settings icon, click on Project Settings
For Web API key, you can find in General Tab
For Server Key, you can find under Cloud Messaging Tab

Resources