How do I access my Firebase Database via HTTP REST API?

GShocked picture GShocked · Nov 10, 2016 · Viewed 22.7k times · Source

Thanks to this answer I am able to connect to Firebase 3 via HTTP REST API and an email/password. Logging in with this API returns an access token that is used to access the Firebase Database. This access token expires after 1 hour. A refresh token is also returned after logging in, which I can use to refresh my access token. Here is what I am doing specifically:

Method:

POST

URL:

https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=<my-firebase-api-key>

Payload:

{
    email: "<email>",
    password: "<password>",
    returnSecureToken: true
}

Response:

{
    "kind": "identitytoolkit#VerifyPasswordResponse",
    "localId": "<firebase-user-id>", // Use this to uniquely identify users
    "email": "<email>",
    "displayName": "",
    "idToken": "<provider-id-token>", // Use this as the auth token in database requests
    "registered": true,
    "refreshToken": "<refresh-token>",
    "expiresIn": "3600"
}

In the case of refreshing my access token:

URL:

https://securetoken.googleapis.com/v1/token?key=<my-firebase-api-key>

Payload:

{
    grant_type: "refresh_token",
    refresh_token: "<refresh-token>"
}

Response:

{
  "access_token": "<access-token>",
  "expires_in": "3600",
  "token_type": "Bearer",
  "refresh_token": "<refresh-token>",
  "id_token": "<id-token>",
  "user_id": "<user-id>",
  "project_id": "<project-id>"
}

How do I access my database via HTTP REST API given that I have my access token?

Answer

GShocked picture GShocked · Nov 12, 2016

So after communicating with technical support, here's my answer:

In your database rules, include something like this that is compatible with what you're doing:

{
"rules": {
"users": {
"$user_id": {
// grants write access to the owner of this user account
// whose uid must exactly match the key ($user_id)
".write": "$user_id === auth.uid",
".read": "$user_id === auth.uid"
}
    }
  } 
}

And in your database, create a users table, and within that, create a table with the name of your <user-id> of the authentication email/password account you are using. Within that table is the information you will be able to access via your access-key.

Then send a request like this:

https://samplechat.firebaseio-demo.com/users/<user-id>.json?auth=<access-key>

Where access-key is the key that can be known as idToken, id_Token, or access_key in JSON responses from Google.