Use APIGateway to secure Firebase REST APIs at a client level (not end user level)

84 views

Skip to first unread message

Hamid Bazargani

unread,

Jun 2, 2021, 12:50:35 PM6/2/21

to api-gateway-users

Hi there,
I have a set of REST APIs (via Firebase cloud functions) that I like to release to my clients to allow them creating their mobile apps. The mobile apps they will be creating are used by public users. Users are not supposed to deal with my APIs and thus authentication. So I don't need an end user authentication. It's up to my clients (app makers) to use "some secret" for authorization.
Based on what I have researched, Firebase Admin SDK might not be a good solution for this end since we're concerned about client level authentication.

I was wondering if API Gateway is a right solution for my use case? Can I use it to whitelist particular clients (app makers) without engaging end users? What are the limitations? Any best practice?

Thanks

Sumanth Sathyanarayana

unread,

Feb 7, 2022, 6:34:29 PM2/7/22

to api-gateway-users

Curious to know what option you went with as this is somewhat of a situation for me as well.

Thanks & Best Regards

Sumanth

Reply all

Reply to author

Forward

0 new messages