How to secure your Firebase project even when your API key is publicly available

Step 1: Do not let anybody login or create user in your Firebase project from any other website but yours

  • Click on Credentials tab
  • From API keys list click on Browser key
  • Now you can see there are 2 tabs inside. Application restrictions & API restrictions.
  • Click on Application restrictions and select “HTTP referrers (web sites)” option
  • Then in “Accept requests from these HTTP referrers” section key in your production site address.

Step 2: Setup proper rules for Firebase Database and Storage




a passionate coder …

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


a passionate coder …

More from Medium

CS373 Spring 2022 Ricky Woodruff — Blog #11

HTML — Header & Paragraph

How to Create Large-Scale 3D Environments — Part I

Laravel — The Powerful Web Application Framework