With the new firebase cloud function I’ve decided to move some of my HTTP endpoint to firebase.
Everything works great… But i have the following issue. I have two endpoints build by HTTP Triggers (Cloud Functions)
- An API endpoint to create users and returns the custom Token
generated by Firebase Admin SDK. - An API endpoint to fetch certain user details.
While the first endpoint is fine, but for my second end point i would want to protect it for authenticated users only. meaning someone who has the token i generated earlier.
How do i go about solving this?
I know we can get the Header parameters in the cloud function using
request.get('x-myheader')
but is there a way to protect the endpoint just like protecting the real time data base?