Firebase Auth, Firestore & Storage (plugin)

Restrict your api-key to your domain


Last updated 10 months ago

A good way to secure your app is to restrict any front-end api-key to be accessible only on the domains you choose.

Firebase automatically configures the api-key for us, but this key is currently unrestricted. To restrict the domains that can use it, we must go to the Google Cloud API console. The URL to do so will be something like:

https://console.cloud.google.com/apis/credentials?project=YOUR_APP_ID_HERE

Change the YOUR_APP_ID_HERE text to your Firebase APP ID. Remember, you can see your app ID on the Firebase Console, under settings (see image below).

Restricting your api-key

1) The Firebase-generated api-key will be identified as being "auto created by Firebase". Click on the key to open its settings.

2) In the "Key restrictions" settings, choose the "Websites" option.

3) Finally, enter the URLs or domains where you'd like to allow your credentials to be used and hit "Save".

You can leave "API restrictions" as it is, with "Don't restrict key" checked.

Important! You must also allow the domains on your Firebase Authentication Settings for features like Google/Facebook/GitHub login to work properly.

For instance, "yourfirebaseappid.firebaseapp.com".

Done! Your api-key is now secure.
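
A way to check the result of the steps above, as an added example that is not part of the plugin's documentation: it reads API key records and reports Firebase auto-created keys that still have no website restriction or lack a domain you need. The JSON shape (as printed by `gcloud services api-keys list --format=json`), the function name and the sample records are assumptions made for this example.

```python
import json

# Constructed sample shaped like `gcloud services api-keys list --format=json`
# output (API Keys API v2 "Key" resources). The uids and domains are made up.
SAMPLE_KEYS = json.loads("""
[
  {"uid": "key-1", "displayName": "Browser key (auto created by Firebase)"},
  {"uid": "key-2", "displayName": "Browser key (auto created by Firebase)",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers":
     ["myapp.example.com", "yourfirebaseappid.firebaseapp.com"]}}},
  {"uid": "key-3", "displayName": "Browser key (auto created by Firebase)",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers":
     ["myapp.example.com"]}}},
  {"uid": "key-4", "displayName": "Server key for CI"}
]
""")

def audit_firebase_keys(keys, required_domains):
    """Return {uid: [findings]} for Firebase auto-created keys that have gaps."""
    report = {}
    for key in keys:
        # The page identifies the key by this label in the console.
        if "auto created by Firebase" not in key.get("displayName", ""):
            continue
        browser = (key.get("restrictions") or {}).get("browserKeyRestrictions") or {}
        referrers = browser.get("allowedReferrers") or []
        findings = []
        if not referrers:
            findings.append("no website restriction")
        else:
            # Simple substring check, not Google's own referrer matching.
            for domain in required_domains:
                if not any(domain in ref for ref in referrers):
                    findings.append(f"missing domain: {domain}")
        if findings:
            report[key["uid"]] = findings
    return report

if __name__ == "__main__":
    needed = ["myapp.example.com", "yourfirebaseappid.firebaseapp.com"]
    for uid, findings in audit_firebase_keys(SAMPLE_KEYS, needed).items():
        print(uid, "->", "; ".join(findings))
```

To run it against a real project, replace `SAMPLE_KEYS` with the parsed output of the `gcloud` command and list your own app and Firebase Authentication domains in `needed`.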