Use APIGateway to secure Firebase REST APIs at a client level (not end user level)

Skip to first unread message

Hamid Bazargani

Jun 2, 2021, 12:50:35 PM6/2/21
to api-gateway-users

Hi there,
I have a set of REST APIs (via Firebase cloud functions) that I like to release to my clients to allow them creating their mobile apps. The mobile apps they will be creating are used by public users.  Users are not supposed to deal with my APIs and thus authentication. So I don't need an end user authentication. It's up to my clients (app makers) to use "some secret"  for authorization.
Based on what I have researched, Firebase Admin SDK might not be a good solution for this end since we're concerned about client level authentication.

I was wondering if API Gateway is a right solution for my use case? Can I use it to whitelist particular clients (app makers) without engaging end users? What are the limitations? Any best practice?


Sumanth Sathyanarayana

Feb 7, 2022, 6:34:29 PMFeb 7
to api-gateway-users
Curious to know what option you went with as this is somewhat of a situation for me as well.

Thanks & Best Regards

Reply all
Reply to author
0 new messages