Hey All, I have an application running using Firebase and GAE. Using firebase to authenticate users and GAE to deploy the backend logic code. Firebase Real-time database is acting as a database for us. Calls between GAE and Firebase database is happening using Firebase Database Secrets. I have created WebAPI which my application front end is using for data requirements. My API is public now, anyone with the URL can call it and get the result. Though the user authentication is happening using Firebase OAuth, the API can be used by anyone who gets to know the parameters and endpoints. I want to secure my WebAPI that can only be used by the application and some specific IP address for testing purpose.
What shall I use to secure that? Firebase uuid which is unique to the specific users? if anyone gets that uuid of his account ( anyhow ) it won't be secured. Any other way to secure that? Any help would be appreciated! Thanks -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/12ac4096-026a-42d7-ad4b-9d541e4c25eb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
