In Firebase, when we sign up , it gives us an API key for each firebase Url. But where is it used in a consuming application? The fireBase API does not provide any means to supply API Key.
Security : What prevents anyone to go ahead and write any object to the given firebase Url? How is the authorization managed?
You can generate your api key at https://console.developers.google.com/apis/credentials?project=[YOUR-PROJECT]
Replace [YOUR-PROJECT] with your proyect ID.
Find more information at https://support.google.com/cloud/answer/6158862
regards.
updated the links to the new Firebase website
Your question is very timely, as Firebase just announced its full security suite a few days ago.
There's a nice intro screencast and docs here: https://firebase.google.com/docs/database/security/
The "API Key" is the old name for a Firebase Secret. This is used to generate Authentication Tokens to prove to Firebase who users are. You can see docs on authentication here:
https://firebase.google.com/docs/auth/
Follow these steps:
Login to Firebase Console
Select your project
On the top left corner, you'll find Settings icon, click on Project Settings
For Web API key, you can find in General Tab
For Server Key, you can find under Cloud Messaging Tab
Related
I'm creating a Xamarin project to test Azure Notification Hub, but I'm having trouble going through the steps in this article
Under the section "Create a Firebase project and enable Firebase Cloud Messaging"
Step 6 is obsolete as Google seems to have changed their model to obtain a Server Key, or the Server Key does not apply to FCM.
Can anyone shed a light on how to obtain an Api key for Azure Notification Hub?
expanding DrDave's comment
From https://console.firebase.google.com/project/--your_project_name--/settings/cloudmessaging
Click on the three-dots menu of the "Cloud Messaging API (Legacy) đźš« Disabled" Heading
Follow the offered link to manage in google cloud console, and there press the button to enable the googlecloudmessaging API
Wait a few minutes
Go back to your Firebase console Cloud Messaging Tab, and refresh.
See that the Cloud Messaging API header has changed to "Cloud Messaging API (Legacy) âś… Enabled" and that a Server Key is now shown.
If you go to the Build section, Authentication menu item, and then click the 'Get Started' button, then navigate back to the Project Settings/General tab, you should see the API key.
EDIT: This is not the proper key for the Azure Notification Hub. See my comment below for the correct key.
There currently does not seem to be a proper answer to this.
When using FCM, if you head to the Authentication page on the Firebase Console for your app and select 'Get Started', follow the steps and then head back to the 'General' tab in your project settings page, you will see that it now has a Web API key.
This isn't useful for Azure Notification Hubs as if you try insert this key into the API key entry for a hub, it will not accept it.
The only answer seems to be to use the legacy GCM API, which is not ideal as it has been deprecated and certain APIs are no longer available.
I've added my project to firestore and I'm doing firestore google auth just fine.
My problem is firebase firestore.
It just doesn't work and I have no idea why.
I'm trying to do a simple add before doing the actual process for my app and it doesn't work.
here I implemented a simple function to add a user and then called it, doing it all in build function.
I get this in my console:
p.s.
"adding user" is printed on console.
p.s.
I do have the firebase_options.dart file.
These thing are you sure that the correct:
1.Using correct google_services.json file
2.Edit Fire store rules if you are not using authorization
You have to manually whitelist your existing Google OAuth 2.0 client IDs in the Firebase console before using it with the new Auth APIs.
In order to do so, follow these steps:
Go to the Credentials section in the Google API Console.
Select from the top right corner the project where you had previously configured Google Sign-In.
Go to the OAuth 2.0 client IDs section
If you are using Google Sign-In on Android or iOS applications:
Take note of the Client ID string corresponding to all the entries registered for your applications.
Input these Client IDs into your Firebase project’s configuration:
Go to the Firebase console at https://console.firebase.google.com
Open the Auth section
Under Sign-In methods, open the Google configuration, and add there all you client IDs, to the whitelist of client IDs from external projects.
If you are using Google Sign-In on a web application:
Click to open your web client ID and take note of both the client ID and secret.
Input this Client ID into your Firebase project’s configuration:
Go to the Firebase console at https://console.firebase.google.com
Open the Auth section
Under Sign-In methods, open the Google configuration, and add the values under the Web SDK configuration section.
I'm trying to get an API key for a live chat plugin, but I can't get the key from Firebase.
No Web API Key for this project:
Any solution? Thanks!
Go to the authentication tab and enable a sign-in method (for example email/password). This will generate the web api key.
EDIT: as fen1ksss said: It seems this has been changed just recently. You don't actually need to toggle any of the providers to make it work.
there's been another small change: the authentication tab is now inside the "Engage" tab because google likes hide and seek. once there, follow as above.
Visiting https://console.firebase.google.com/u/0/project/project-id/settings/general/ where project-id is your project's id, should show you your api key written directly under your gcp resource location as "Web Api Key"
Also if you have gotten the config object from your firebase project before, your web api key is listed under the key "apiKey"
I developed an app to test the google login feature using flutter and google authentication. The project is a closed project and only I have access to it. But recently I saw that there was a google sign in from an unknown Email ID. How did the user login without the build of my app? Has my account been hacked? What is going on?
Anyone with knowledge of your project's API Keys can access your Firebase Project using simple CURL Commands.
This is why it's a good idea to add restriction to those API Keys
In case you haven't, go to https://console.cloud.google.com and
Select your project
Click the menu icon at the top left (hamburger icon)
Go to API & Services and then credentials
You can view the APIs for your Google Cloud Project (linked to your Firebase Project) and then set restrictions for the API keys, refresh them or restrict access to specific platforms like Android or iOS.
You can also set restrictions on which components of Firebase the API key is allowed to access. For example, if your project doesn't require the use of Cloud Firestore, you can ensure that the API Key cannot be used to make calls to the Firestore Database
All said and done, I would still recommend that you shoot a mail to the Firebase Support team at https://firebase.google.com/support/troubleshooter/contact
To anyone still wondering about this:
If you provide a native google sign in and the registered
email adresses look like this:
karolynmccorkle.91842#gmail.com
normabrock.69306#gmail.com
guillermogeorge.53163#gmail.com
kylegomez.35423#gmail.com
opalbarrett.09499#gmail.com
they are probably test accounts used to generate Google Plays Pre-Launch reports.
You can read about it in the Play Console Help here.
If your app has a sign-in screen and you want the crawler to test the
sign-in process or the content behind it, you need to provide account
credentials.
Note that you do not need to provide credentials if your
app supports "Sign-in with Google,” which enables the crawler to log
in automatically.
I am trying to explore Cloud Storage JSON API V1, as mentioned in request, the GET request can be called with a key, I have tried many keys, I have created in credentials panel, but I am only getting keyInvalid or any other error, I want to know about this key, which API key Google Cloud Storage is using here
GET https://www.googleapis.com/storage/v1/b/wearableeot-39e6a.appspot.com?key={YOUR_API_KEY}
Thanks for help, I only want to know about this API Key.
I think you should follow the instructions you find here: https://cloud.google.com/storage/docs/json_api/v1/how-tos/authorizing#APIKey
In a nutshell, you should:
Go to the Credentials page in the Google Cloud Platform Console (not the Firebase console), for your project.
Click the "Create Credentials" drop-down box and choose "API key": you get the key in a dialog box.
Possibly restrict the key. See more infos here