I was not able to find any resources about this, hence wanted to ask if it is a good idea / necessary to add throttling to callable https cloud functions in firebase on per user basis?

Example, I want to limit one user to be only able to call https function every 5 seconds.

If it is a viable thing to do, how would it be acheived?

There is not any inbuilt per user throttling capabilities in cloud functions. You have a few options of doing your own:

• Put logic in your client side apps that tracks the amount of times a user is calling them and deny the call if too frequent

Issue here is that if someone is trying to game you this wouldn't be 100% effective as they could use multiple windows, etc.

• You could implement a database solution where you track their usage and at the beginning of your function you check if they are violating your rate limit

Issue here is you are still having the triggers of your functions incurring the costs.

• If it was a super big issue for you, I would recommend looking at using an API management platform such as Apigee where you can apply policies such as rate limiting

This a heavy weight solution with an increased cost and so wouldn't do it unless necessary