How do I access my Firebase Database via HTTP REST API? - McMap

About

How do I access my Firebase Database via HTTP REST API?

Asked 10/11, 2016 at 5:45 Answered 12/11, 2016 at 20:5

Solved firebase firebase-realtime-database firebase-authentication access-token refresh-token

M

1

16

Thanks to this answer I am able to connect to Firebase 3 via HTTP REST API and an email/password. Logging in with this API returns an access token that is used to access the Firebase Database. This access token expires after 1 hour. A refresh token is also returned after logging in, which I can use to refresh my access token. Here is what I am doing specifically:

Method:

POST

URL:

https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=<my-firebase-api-key>

Payload:

{
    email: "<email>",
    password: "<password>",
    returnSecureToken: true
}

Response:

{
    "kind": "identitytoolkit#VerifyPasswordResponse",
    "localId": "<firebase-user-id>", // Use this to uniquely identify users
    "email": "<email>",
    "displayName": "",
    "idToken": "<provider-id-token>", // Use this as the auth token in database requests
    "registered": true,
    "refreshToken": "<refresh-token>",
    "expiresIn": "3600"
}

In the case of refreshing my access token:

URL:

https://securetoken.googleapis.com/v1/token?key=<my-firebase-api-key>

Payload:

{
    grant_type: "refresh_token",
    refresh_token: "<refresh-token>"
}

Response:

{
  "access_token": "<access-token>",
  "expires_in": "3600",
  "token_type": "Bearer",
  "refresh_token": "<refresh-token>",
  "id_token": "<id-token>",
  "user_id": "<user-id>",
  "project_id": "<project-id>"
}

How do I access my database via HTTP REST API given that I have my access token?

Marchelle answered 10/11, 2016 at 5:45 Comment(1)

check this out https://firebase.google.com/docs/reference/rest/database#section-param-auth they have mention in the docs. – Discomfort 11/11, 2019 at 6:58

M

17

So after communicating with technical support, here's my answer:

In your database rules, include something like this that is compatible with what you're doing:

{
"rules": {
"users": {
"$user_id": {
// grants write access to the owner of this user account
// whose uid must exactly match the key ($user_id)
".write": "$user_id === auth.uid",
".read": "$user_id === auth.uid"
}
    }
  } 
}

And in your database, create a users table, and within that, create a table with the name of your <user-id> of the authentication email/password account you are using. Within that table is the information you will be able to access via your access-key.

Then send a request like this:

https://samplechat.firebaseio-demo.com/users/<user-id>.json?auth=<access-key>

Where access-key is the key that can be known as idToken, id_Token, or access_key in JSON responses from Google.

Marchelle answered 12/11, 2016 at 20:5 Comment(7)

This is the best answer I got. Firebase document is so messy and confusing! They don't even talk about idToken anywhere in REST docs. Such a shame. Thanks so much for this. – Shrieve 8/6, 2017 at 10:32

Hi, I am trying to allow some json files to be publicly available and others not. I was doing this {"rules": {"publicjson": {".read": true, ".write": false}, ".read": "auth != null", ".write": false}}. I have no problems accessing the publicjson. However, I cannot access any other json that falls under the ".read": "auth != null" rule. I am trying on postman to do a GET request with the Authorization: Bearer xxx but no luck. Do you know anything about this? The idea would be just having the access key stored in the app and used in the requests. No user table needed. Thanks – Donelladonelle 19/6, 2017 at 20:22

@Shrieve Do you know anything of what I asked above? ^^^ Thanks – Donelladonelle 19/6, 2017 at 21:16

@EdisonSpencer if you just want to have a kind of admin user, then what you need to do is 1. create an admin user from firebase console (using some email & password combination) 2. Note its UID and change your read permission as auth.uid=='<add-uid>' 3. From your client side using email and password creds to login to firebase. Note if you are using REST for login then your login url is of the form (googleapis.com/identitytoolkit/v3/relyingparty/…). May be its better to create a separate question so that others can leverage as well! – Shrieve 20/6, 2017 at 6:46

@Shrieve Thanks for the tip about the user created in order to get its token. I didn't want to have the need to create any kind of user. I just wanted to host some information on Firebase and make it publicly available as long as you have a token in order to make GET requests to those JSONs. Otherwise it would be unauthorised. But I think I can create a user and ship it's token with the app(?) – Donelladonelle 20/6, 2017 at 17:14

I guess technically, you will ship that user with the app and have your app login with that user's creds. – Shrieve 21/6, 2017 at 5:1

Hi @Richeek, only today I saw your answer because you didn't mention me. Basically I found out this documentation (firebase.google.com/docs/database/rest/retrieve-data) which proved useful. By appending ?auth=database-secret, I was able to get the content of the JSON I want. Even though I later realised if I write the rule ".read": false, instead of ".read": "auth != null", I am still able to access the content. But that will be another fight I guess. Thanks – Donelladonelle 22/6, 2017 at 22:15

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.