MX Khronos

Reputation: 33

How do I authenticate my Firebase with just a string key?

So I just want to keep things simple and set auth === "StringKey" for write, so that I am able to write to the database if the key matches. I've tested "StringKey" with the simulation and it works too. However, I do not know where to enter the key on HttpPost.

I've tried https://fake-project-name.firebaseio.com/datatable1.json?auth=“StringKey” but I kept getting the response “error”: “Could not parse auth token.” I'm not sure what's wrong with the JSON syntax I entered.

I've tried adding {"Authentication":"Basic 'StringKey'"} but not sure what I am doing for this part.

Thanks in advance for any help.

Firebase Realtime Database rules:

image

Upvotes: 0

Views: 848

Answers (2)

Enrique Briones Arcos

Reputation: 1158

Try this:

fake-project-name.firebaseio.com/datatable1.json?auth=[MY_DATABASE_SECRET]

How to get secret?

Upvotes: 0

Frank van Puffelen

Reputation: 598740

The auth parameter for the Firebase Database REST API only accepts JSON Web Tokens (JWT). If you pass in a random string, it isn't a valid JWT, so it is rejected.

If you want to properly authenticate your REST requests, you'll have to follow the steps outlined in the documentation on authenticating REST Requests.

Using a shared secret to allow writing to the database

If on the other hand you just want to see if you can implement a so-called shared-secret that allows anyone with that secret to write to the database, you can take a different approach.

Set your security rules like this:

{
  "rules": {
    "ecbyr2782t73113193193": {
      ".read": true,
      ".write": true
    }
  }
}

With these rules, somebody can read/write from /ecbyr2782t73113193193 if they know the secret value ecbyr2782t73113193193. If they don't know that value, there is no way to get it from the database.

This is known as a shared secret, since you'll have to share the secret with the other users out-of-band (e.g. through email, or FCM).

Note that I'd still recommend using proper authentication of your REST requests in addition to this shared secret.

Upvotes: 2
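
Added example (not part of either answer, and not Firebase's own validation code): a structural check showing why a plain string such as "StringKey" cannot be parsed as a JWT, next to a helper that builds the REST URL for the shared-secret-in-path approach described above. The function names, the constructed sample token and the datatable1 child under the secret node are assumptions made for illustration.

```python
import base64
import json
import secrets
from urllib.parse import quote

def _seg(obj):
    """Encode a dict as one unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _b64url_json(segment):
    """Decode one base64url segment and parse it as a JSON object, else None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        return None
    return value if isinstance(value, dict) else None

def looks_like_jwt(token):
    """Structural check only: header.payload.signature, JSON header and payload.
    It does not verify the signature or any claims."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return False
    return _b64url_json(parts[0]) is not None and _b64url_json(parts[1]) is not None

def new_path_secret(nbytes=32):
    """Random secret; token_urlsafe emits only A-Z a-z 0-9 _ - (valid in a key)."""
    return secrets.token_urlsafe(nbytes)

def shared_secret_url(project, secret, child="datatable1"):
    """REST URL with the secret as a path segment, matching the rules above.
    The child name under the secret node is an assumption."""
    if any(c in secret for c in ".$#[]/"):
        raise ValueError("secret contains a character not allowed in a database key")
    return (f"https://{project}.firebaseio.com/"
            f"{quote(secret, safe='')}/{quote(child, safe='')}.json")

# Constructed sample with a dummy signature; not a usable credential.
SAMPLE_JWT = ".".join([_seg({"alg": "RS256", "typ": "JWT"}), _seg({"uid": "demo"}), "c2ln"])

if __name__ == "__main__":
    print(looks_like_jwt("StringKey"))   # plain string: not a JWT
    print(looks_like_jwt(SAMPLE_JWT))    # three JSON-bearing segments
    print(shared_secret_url("fake-project-name", "ecbyr2782t73113193193"))
```

Because the secret is part of the URL path, it appears wherever request URLs are recorded (client logs, proxy logs), so treat those logs as sensitive and rotate the secret by moving the data to a new path.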
