My server key is not displaying at my firebase Console. What configuration should I do?
This is a known issue and is being addressed. Usually you would get into this state when the API key automatically generated by the creation of the Firebase project is deleted from the Google Developer console. The Firebase console UI currently only shows the automatically generated server API key, and nothing if that key is deleted.
You can still use any valid server API key in the corresponding Google Developer project. So go to the Google Developer console and use one of the Server API keys there or create one if it does not exist.
Related
I have a firebase site which initialises with
<script src="/__/firebase/init.js"></script>
as described here: https://firebase.google.com/docs/hosting/reserved-urls#sdk_auto-configuration
init.js is auto-generated by either the firebase deploy console or firebase hosting (I'm unclear which). This was all working fine until recently, when a new API key for my project was created in the https://console.developers.google.com/apis/credentials console. This new key had HTTP referrer restrictions, for some other domains (not my firebase site).
The next time I deployed my site after this key was created, firebase auth was broken. The error was "Requests from referer https://my-site.firebaseapp.com/ are blocked." I found the reason was that init.js now contained the wrong API key - the new, unrelated, restricted key, rather than the correct "Web API key" as shown in firebase console under settings -> General.
How do I control how init.js is generated? Is this a bug in firebase?
I'm planning my project's migration from GCM to FCM.
An experienced FCM person says:
... after importing the project to Firebase, it would generate its own Server Key that you could use [in FCM legacy API calls to push to devices with GCM-generated tokens and FCM-generated tokens]
With this new Firebase Server Key I would no longer need the old GCM Server Key. Because the old GCM key won't be necessary I'd like to revoke it to limit possible attacks. Is it possible to revoke all old GCM Server Keys for a project after migrating the project to FCM?
It's possible. GCM Projects were provided Server Keys that are accessible via the Google Developer's Console (make sure you select the correct project).
From the screenshot above, you could see Server key (auto created by Google Service). The option to delete the API Key can also be seen here -- the trash icon is beside the copy icon.
If you already imported the project to Firebase, navigating to the Cloud Messaging tab would also show the old Server Key, aka the Legacy Server Key.
Choosing to delete the default Server API Key will show the following prompt:
This credential will be deleted immediately and permanently. Once deleted, it can no longer be used to make API requests.
Do you want to delete the credential?
Proceeding to delete the key, then refreshing both pages afterwards, would show a new auto created Server Key.
I am trying to explore the Cloud Storage JSON API V1. As mentioned in the request, the GET request can be called with a key. I have tried many keys that I created in the credentials panel, but I only get keyInvalid or some other error. I want to know about this key: which API key is Google Cloud Storage using here?
GET https://www.googleapis.com/storage/v1/b/wearableeot-39e6a.appspot.com?key={YOUR_API_KEY}
Thanks for help, I only want to know about this API Key.
I think you should follow the instructions you find here: https://cloud.google.com/storage/docs/json_api/v1/how-tos/authorizing#APIKey
In a nutshell, you should:
Go to the Credentials page in the Google Cloud Platform Console (not the Firebase console), for your project.
Click the "Create Credentials" drop-down box and choose "API key": you get the key in a dialog box.
Possibly restrict the key. See more info here
In Firebase console under Project Settings/General beneath the Project ID field there is a Web API key:
Where is this used? I know that the Server key found under Project Settings/Cloud Messaging is used as Authorization key to make calls to the firebase console:
I have also noticed that in google-services.json there is an "api_key" property that has a "current_key" value which is different from both keys that I have mentioned. What is that key?
From my answer here:
current key - nothing is explicitly stated anywhere in the docs where it is used, however, among the 3 services where the google-services.json was originally used for before Firebase (Google Sign-in, Analytics, GCM), I'm guessing it would be between Google Sign-in and Analytics. As also mentioned by #DiegoGiorgini here:
The api_key value in google-services.json is not used by FCM. (it is used by other Firebase libraries)
So it can be for a separate Google non-Firebase or Firebase service.
Web API Key - this one I haven't had a chance to use before. However, I've seen other posts wherein this specific API key is used often on Web apps related to Firebase (possibly also for Auth purposes?), but I'm not entirely sure.
Server Key - as per the docs:
A server key that authorizes your app server for access to Google services, including sending messages via Firebase Cloud Messaging.
current_key (as per the docs) is the Android key auto-created by Firebase when creating a Firebase Android App. It's NOT used to control access to backend resources. Instead, it's used to identify your Firebase project when interacting with Firebase/Google services. Specifically, it's used to associate API requests with your project for quota and billing.
Web API Key (as per the docs): can be used to authenticate users by passing its value to the key query parameter in several API endpoints, e.g., sign up or sign in using email & password, generate refresh token, etc.
Server Key (as per the docs): is a server key that authorizes your app server for access to Google services, including sending messages via the Firebase Cloud Messaging legacy protocols.
I've just opened a Firebase Cloud Messaging project intended for Android push messages.
The gear icon shows one server key (obfuscated here for obvious reasons):
I would like to have more than one key, so I can distribute them to servers and developers and revoke compromised keys if necessary.
How do I manage (add and delete) server keys in Firebase?
Update:
As of the moment, the way it should be done in order to generate a new Server Key, as stated in the docs:
Starting from Sept. 2016 new server key can only be created in the Firebase Console using the Cloud Messaging tab of the Settings panel. Existing projects that need to create a new server key can be imported in the Firebase console without affecting their existing configuration.
For the project migration steps, see my answer here.
For generating Server Keys, there is no way to generate one in the Firebase Console. It can be done via the Google Developers Console:
Go to your Google Developers Console
On the left-pane, click on Credentials
Under the Credentials Tab, Click on Create Credentials
Select API Key
Steps retrieved from my answer here
After you select API Key, it will directly create an API key without asking what type of key (Server, Android, Browser, iOS) it is. It will only allow you to set some Restrictions that are visible depending on which API Key you intend to generate.
By default, the key generated has No Restrictions, which makes the key vulnerable. That's why it is highly encouraged for you to add a restriction for your API key. In this case, since you are using it for FCM (Server Key is needed), you must add an IP Address restriction and only allow specific server IP addresses.
With that said, I don't know how you plan to integrate multiple server keys to a single Firebase Project though. Why not just make use of the IP Addresses restriction and remove the server IP addresses that are deemed compromised?
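An added example, not part of the original answers: a Python audit of the IP address restriction described above, which reports keys with no IP restriction, expected sender IPs that the allow-list would block, and allow-list entries no current sender uses. It assumes the project's keys are available as JSON shaped like API Keys API v2 Key resources (`restrictions.serverKeyRestrictions.allowedIps`); the key names and IP addresses are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like API Keys API v2 Key resources
# (assumed input, e.g. the JSON listing of a project's keys).
SAMPLE_KEYS = json.loads("""
[
  {"displayName": "Server key (auto created by Google Service)"},
  {"displayName": "fcm-sender-prod",
   "restrictions": {"serverKeyRestrictions":
       {"allowedIps": ["203.0.113.10", "198.51.100.0/28"]}}},
  {"displayName": "Browser key",
   "restrictions": {"browserKeyRestrictions":
       {"allowedReferrers": ["https://example.com/*"]}}}
]
""")

def allowed_networks(key):
    """Return the key's IP allow-list as networks, or None if there is none."""
    restrictions = key.get("restrictions", {})
    ips = restrictions.get("serverKeyRestrictions", {}).get("allowedIps")
    if not ips:
        return None
    return [ipaddress.ip_network(entry, strict=False) for entry in ips]

def audit_key(key, sender_ips):
    """Compare one key's IP allow-list with the servers expected to use it."""
    nets = allowed_networks(key)
    if nets is None:
        # Unrestricted, or restricted by something other than source IP.
        other = [name for name in key.get("restrictions", {})
                 if name.endswith("KeyRestrictions")]
        return {"status": "no-ip-restriction", "other_restrictions": other}
    senders = [ipaddress.ip_address(ip) for ip in sender_ips]
    blocked = [str(ip) for ip in senders if not any(ip in n for n in nets)]
    unused = [str(n) for n in nets if not any(ip in n for ip in senders)]
    status = "ok" if not (blocked or unused) else "review"
    return {"status": status, "blocked_senders": blocked,
            "unused_entries": unused}

def audit(keys, sender_ips):
    """Audit every key in the listing; results are keyed by display name."""
    return {k["displayName"]: audit_key(k, sender_ips) for k in keys}

if __name__ == "__main__":
    for name, result in audit(SAMPLE_KEYS, ["203.0.113.10"]).items():
        print(name, result)
```

An `unused_entries` result is the case the answer describes: an address still allowed by the restriction that should be removed once its server is retired or deemed compromised.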
It's not possible to have multiple cloud messaging server keys per project. I'd suggest you to have multiple Firebase projects for your application development staging environments.
If needed, you can then re-generate the server key in the Google Developer Console.
On the top-left corner of the screen, verify that the correct project is selected.
On the left-side panel, click Credentials.
Under Credentials tab, click Server key (auto created by Google Service).
Click Regenerate key button
A confirmation box will show up asking if you'd like to replace the current key, then click Replace key button.
Note that the new key will be available immediately. The current key will be deactivated permanently in 24 hours.
After all of these steps, you can check that the cloud messaging server key of your Firebase project is now updated.
In Firebase, the Server Key is auto-generated. If you check out the Firebase project in the Google Developer Console, it will be listed as such. You can then create more Keys from there (but will not be listed in the Firebase Console, from what I can tell).
Basically, you can better manage the keys through the Google Developer Console.
Hope this helps!
You should avoid distributing API keys for the same project. If any one of those using the API keys is found to be abusing it then the entire project will be throttled, affecting all keys for the project.
If you do want to have multiple developers send notifications to your application then have each developer create a Firebase project then have the client register with each sender ID. You will still have the ability to rotate the API key for each developer, or have the client delete the token for a developer that you no longer want to receive messages from. This way any abuse from one developer does not negatively affect the project as a whole.