Reputation: 1009
I have some data stored on Firebase which I want to expose to some people/apps through the REST API provided by Firebase. I want to make a key management system so that only people who have a key can access the database through the API. I'm thinking of using the custom authentication mentioned here: https://www.firebase.com/docs/web/guide/login/custom.html
The JWT would be the API key. Is this a good idea or is there a better way to do this? Also, how can I make it so that the key will no longer be usable after a certain time (e.g. a few months or a year)?
I'd appreciate your opinions. Thanks
Upvotes: 0
Views: 1000
Reputation: 598797
From the Firebase documentation on token generation:
By default, authentication tokens expire 24 hours after they are issued and the client will automatically be unauthenticated at that time. You can override this by changing the session length setting under the Login & Auth tab of your App Dashboard, or individually when creating the token by providing a specific expiration date. For details, see the docs for the specific token generator library you're using.
The specifics of setting a token-specific expiration vary from library to library. For Java it requires calling setExpires(Date), for Node.js it requires setting a timestamp in the requires property, etc.
Upvotes: 1
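An added example, not code from the answer or from Firebase's token generator libraries: issuing a JWT "API key" with a per-token expiration and checking it the way a verifier would (signature first, then `exp`). It assumes the HS256 layout of legacy Firebase custom tokens (claims `v`, `iat`, `d`, `exp`); `issueApiKey`, `checkApiKey`, the secret and the `uid` are hypothetical names and constructed values.

```javascript
const crypto = require("crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const sign = (input, secret) =>
  crypto.createHmac("sha256", secret).update(input).digest("base64url");

// Issue a token for one API consumer; lifetimeSeconds becomes the exp claim.
function issueApiKey(secret, authData, lifetimeSeconds, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ typ: "JWT", alg: "HS256" }));
  const claims = b64url(
    JSON.stringify({ v: 0, iat, exp: iat + lifetimeSeconds, d: authData })
  );
  return `${header}.${claims}.${sign(`${header}.${claims}`, secret)}`;
}

// Verify the signature before trusting any claim, then enforce expiry.
// HMAC-SHA256 is always used, so the token's own "alg" header is never trusted.
function checkApiKey(secret, token, now = Date.now()) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, claims, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${claims}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  let payload;
  try {
    payload = JSON.parse(Buffer.from(claims, "base64url").toString("utf8"));
  } catch (e) {
    return { ok: false, reason: "malformed" };
  }
  // A key without exp would never lapse, so treat it as invalid.
  if (typeof payload.exp !== "number") return { ok: false, reason: "no expiry" };
  if (Math.floor(now / 1000) >= payload.exp) return { ok: false, reason: "expired" };
  return { ok: true, auth: payload.d };
}

// Constructed demo values (placeholder secret, fixed clock for repeatability).
const SECRET = "constructed-demo-secret";
const T0 = Date.UTC(2016, 0, 1);
const YEAR = 365 * 24 * 3600;
const key = issueApiKey(SECRET, { uid: "partner-app-1" }, YEAR, T0);
console.log(checkApiKey(SECRET, key, T0 + 1000));
console.log(checkApiKey(SECRET, key, T0 + (YEAR + 1) * 1000));
```

Expiry only bounds how long a leaked key stays usable; rotating the signing secret invalidates every token issued under it at once.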