Firebase strongly recommends using the firebase-admin SDK for communicating with Firebase from the server side (machine-to-machine).
However, there are situations in which using the SDK is not ideal, for example, if you are using Cloudflare Workers for your backend logic.
I was in that situation a while ago and found it hard to get a clear step-by-step guide. This article is the result of that experience.
1. Get service account credentials
When creating a new Firebase project a default service account named firebase-adminsdk-* is created automatically.
Go to the GCP console and create a key associated with this service account:
https://console.cloud.google.com/iam-admin/serviceaccounts
2. Generate JWT token using service account
If you are in the standard Node.js environment, you can use the popular jsonwebtoken library.
However, this package doesn't work in the Cloudflare Workers environment, because the Node.js crypto API is not supported there. As a result, we have to use the Web Crypto API instead, which is complicated. Luckily, there is the workers-jwt package for the Workers environment.
3. Request Access token using the JWT token
The response returns the token in the following format:
{
  "access_token": "token…",
  "expires_in": 3599,
  "token_type": "Bearer"
}
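Steps 2 and 3 can also be done with Web Crypto alone. The following is an added example, not code from the original article or from workers-jwt: it signs the service-account assertion with RS256 and builds the token request for Google's OAuth 2.0 endpoint. The helper names and the SERVICE_ACCOUNT_JSON secret name are assumptions; the scope is passed by the caller (for Firestore, https://www.googleapis.com/auth/datastore).

```javascript
// Added example, not the article's code. Function and variable names are illustrative.
// Web Crypto is a global in Workers; the fallback only covers older local Node runs.
const { subtle } = globalThis.crypto ?? require("node:crypto").webcrypto;
const TOKEN_URL = "https://oauth2.googleapis.com/token"; // Google's OAuth 2.0 token endpoint

// base64url without padding, as JWS requires.
const b64url = (bytes) =>
  btoa(String.fromCharCode(...new Uint8Array(bytes)))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const b64urlJson = (obj) => b64url(new TextEncoder().encode(JSON.stringify(obj)));

// The key file's private_key field is PKCS#8 PEM; importKey wants the DER bytes.
function pemToDer(pem) {
  const b64 = pem.replace(/-----(BEGIN|END) PRIVATE KEY-----/g, "").replace(/\s+/g, "");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Step 2: build and sign the RS256 assertion. sa is the parsed key file (JSON).
async function signServiceAccountJwt(sa, scope, now = Math.floor(Date.now() / 1000)) {
  const key = await subtle.importKey("pkcs8", pemToDer(sa.private_key),
    { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, false, ["sign"]); // non-extractable
  const header = { alg: "RS256", typ: "JWT", kid: sa.private_key_id };
  // exp may be at most one hour after iat; request only the scope the caller needs.
  const claims = { iss: sa.client_email, scope, aud: TOKEN_URL, iat: now, exp: now + 3600 };
  const input = `${b64urlJson(header)}.${b64urlJson(claims)}`;
  const sig = await subtle.sign("RSASSA-PKCS1-v1_5", key, new TextEncoder().encode(input));
  return `${input}.${b64url(sig)}`;
}

// Step 3: the form-encoded request that exchanges the assertion for an access token.
function buildTokenRequest(jwt) {
  const body = new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    assertion: jwt,
  });
  return { method: "POST", body: body.toString(),
    headers: { "Content-Type": "application/x-www-form-urlencoded" } };
}

// In a Worker: sa = JSON.parse(env.SERVICE_ACCOUNT_JSON), where that secret name is assumed.
async function getAccessToken(sa, scope) {
  const res = await fetch(TOKEN_URL, buildTokenRequest(await signServiceAccountJwt(sa, scope)));
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  return (await res.json()).access_token; // send as "Authorization: Bearer <token>"
}
```

Store the key file as a Worker secret rather than in source, and pass the narrowest scope that covers the calls you make.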
4. Let's finally make a request to the Firebase REST API
Make sure to include the token in the Authorization header when manipulating protected resources.
4.1 - Firestore
https://firestore.googleapis.com
- List documents
GET https://firestore.googleapis.com/v1/projects/<project-id>/databases/(default)/documents/<collection-name>
- Insert Document
POST https://firestore.googleapis.com/v1/projects/<project-id>/databases/(default)/documents/<collection-name>
- Update (single field update is not supported); use PATCH
PATCH https://firestore.googleapis.com/v1/projects/<project-id>/databases/(default)/documents/<collection-name>/<document-id>
4.2 - Realtime database
https://<project>.firebaseio.com/<property>.json
- Insert Document
GET https://<project-id>.firebaseio.com/<property>.json
- Update Document
PATCH https://<project-id>.firebaseio.com/<property>.json
NB:
When using a service account to make API calls, Firebase RULES DO NOT apply. The service account is a superuser; use it with caution.