CODEWITHSUNDEEP
androidrestfirebasefirebase-realtime-database
kirchhoff
kirchhoff

Reputation: 216

Firebase database REST API, get throws 401 error

I've spent all the afternoon researching and then checked the related answers and none of them solved my problem, Excuse me if it's duplicated as I didn't find it.

I have a realtime database for my android app. However, I would like to get the formatted json in a REST client (postman), just for comfort (so I can save the json locally for mock purposes).

Here are the rules:

{
  "rules": {
    "contents": {
      ".read": true,
      ".write": false
    }
  }
}

In theory (if I'm not mistaken), I should be able to retrieve the data with:

https://project-f7de2.firebaseio.com/contents.json

But I get this error:

Status Code: 401 Unauthorized
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 36
Content-Type: application/json; charset=utf-8
Date: Sun, 12 Nov 2017 18:03:00 GMT
Server: nginx
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload

I also followed this links explaining authentication in requests:

https://firebase.google.com/docs/reference/rest/database/

https://firebase.google.com/docs/database/rest/auth

So I tried debugging my app, getting the tokenID for the logged user and immediately sending the request in my REST client:

 mUser.getIdToken(true).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
            @Override
            public void onComplete(@NonNull Task<GetTokenResult> task) {
                String token_id = task.getResult().getToken();
                Log.d("I'm using this", token_id);
            }
        });

And then:

https://project-f7de2.firebaseio.com/contents.json?auth=<token_id>

But still, 401 error, permission denied.

I'm fairly new to firebase and REST clients.

Thanks in advance.

Upvotes: 3

Views: 8181

Answers (2)

sarita jha
sarita jha

Reputation: 11

You can provide the time in milliseconds till it can be accessed, something like this -

`{
    "rules": {
        ".read": "now < 1648146600000",
        ".write": "now < 1648146600000"
    }
}`

Upvotes: -1

Alejandro Bertinelli
Alejandro Bertinelli

Reputation: 545

You are denying any access to the DB, if you want anyone to write in the "contents" child, you must change the ".write" parameter to true or some other rule. false only gives access to the admin.

{
  "rules": {
    "contents": {
      ".read": true,
      ".write": false
    }
  }
}

Upvotes: 8

Related Questions