using and managing API keys for Firebase

34 views

Skip to first unread message

Naser Samara

unread,

Jan 10, 2022, 1:56:53 PM1/10/22

to Firebase Google Group

I want to be sure that my app is secure. so after I Done with writing my security rules

I am going over Firebase security checklist.

in the "Learn about using and managing API keys for Firebase" section in this link:

https://firebase.google.com/docs/projects/api-keys#apply-restrictions

" To mitigate against the possibility that someone might misuse an API key to attempt a brute force attack, you can tighten the default quota of the identitytoolkit.googleapis.com endpoints to reflect the normal traffic expectations of your app. Be aware that if you tighten this quota and your app suddenly gains users, you might get sign-in errors until you increase the quota. You can change your project's API quotas in the Google Cloud Console. "

I want to set Queries per minute and Queries per minute per user.

the first default value is 180000 and the second is 30000.

my question is: what is the meaning of "Queries per minute per user", if someone who is

not authenticated yet and make lot of requests to the identitytoolkit.googleapis.com how firebase know who is this user? is it by his ip address?

second question is, how do I know that is the limit that I should chose?

thank you

Reply all

Reply to author

Forward

0 new messages