Firebase Cloud Functions Secure HTTPS Endpoints with API key

Question

I've looked at a few places, Including this post and the firebase panel

Is there no way to use these api's to secure these endpoints using an api key you create per client who uses your cloud functions?

I'm able to block every one putting a restriction on the Browser key, but I would like to create a new api key, and use that as a way to authenticate my endpoint for various clients.

Creating a new api key, and using that as a parameter in my query doesn't work (don't now if I'm doing anything wrong)

Is there a way to do this?

Answer 1

Option 1: handle authentication within the function

https://github.com/firebase/functions-samples/tree/master/authorized-https-endpoint

Adapt above to use clients/keys stored in firestore

---

Option 2: Use an an API Gateway

• Google Cloud Endpoints (no direct support for functions yet, need to implement a proxy)
• Apigee (higher cost, perhaps more than you need)
• Azure API Management (lower entry cost + easy to implement as a facade for services hosted outside Azure)
• there are more..

The above gateways are probably best for your use case in that the first two would let you keep everything within Google, albeit with more complexity/cost -- hopefully Endpoints will get support for functions soon. Azure would mean having part of your architecture outside Google, but looks like an easy way to achieve what your after (api key per client for your google cloud / firebase functions)

Here's a good walkthrough of implementing Azure API Management:

https://koukia.ca/a-microservices-implementation-journey-part-4-9c19a16385e9