Firebase Dynamic Links rate-limiting

[Jon Garate]

For each short link generated in Firebase Dynamic Links, templated as https://foo.page.link/xYz, does anybody have any clue as to wether there are any rate-limiting policies applied?

I couldn't find any hints in the official docs. The only hint available seems to be the one related to Firebase Cloud Functions, which I guess should follow a similar policy.

I'm concerned for the case where these mecanism is used to provide one-time-use invitations to first-time users. While I'm aware that this alone is a far from making the process secure, an attacker could potentially brute-force the short link's xYz pool to retrieve unused invitations.

[Kato Richardson]

Hi Jon,

This Stack Overflow post mentions that there is a per-second rate limit, but that it's undocumented. Frustrating, but at least a reasonable clue. The REST API docs also mention quotas briefly and talk about mitigations here.

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/1c97b3b0-e737-4514-a19c-4c372ce426a4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

[Jon Garate]

Hi Kato,

Since it's undocumented I understand that these policies are subject to change anytime (which makes absolute sense frmo a provider standpoint). I guess that those sparse references are as close as we can get to it prior to commiting to the platform.

Thank you for your time,

Jon