How to secure Firebase Cloud Functions based REST API

Asked Sep 19 '18 at 07:29

Active Sep 19 '18 at 07:29

Viewed 547 times

When exposing a generic serverless, firebase cloud functions based REST API which can be used by customers (who will develop their own clients with their technology of choice), how to best secure it (Authentication / Authorization) and how to implement the security aspects?

Possible options:

OAuth 2.0
API Keys
Using firebase's authentication in combination with cookies
Others?

asked Sep 19 '18 at 07:29

Mutual Exception

1,240
12
27

1

Check this out: https://stackoverflow.com/questions/42751074/how-to-protect-firebase-cloud-function-http-endpoint-to-allow-only-firebase-auth/42752550 – Neelavar Sep 19 '18 at 07:59
@Neelavar: That's corresponds to the third bullet point above. However, this seems not ideal for an API, as this is based on a logged in Firebase user. – Mutual Exception Sep 19 '18 at 08:38

How to secure Firebase Cloud Functions based REST API

0 Answers0