[SOLVED] Is it ok to expose Firebase api key?

zooniverse / vox

Voting app

Apache License 2.0

0 stars 1 forks source link

[SOLVED] Is it ok to expose Firebase api key? #32

Open simoneduca opened 7 years ago

simoneduca commented 7 years ago

TL;DR yes, it's fine.

The apiKey essentially identifies your Firebase project. It is not a security risk for someone to know it. In fact, it is necessary for them to know it, in order for them to interact with your Firebase project.

In that sense it is very similar to the database URL that Firebase has historically used to identify the back-end: https://.firebaseio.com.

From a Firebase developer on Stackeoverflow.

cbstodd commented 7 years ago

What your messagingSenderId? or basically the entire default config that Firebase generates for you? ie.

var config = { apiKey: "blah blah blah", authDomain: "blah", databaseURL: "https://blah.firebaseio.com", projectId: "ng-blah-app", storageBucket: "ng-blah-app.appspot.com", messagingSenderId: "numbers blah" };

Is all of this safe to be exposed on Github?