Firebase Admin SDK contains APIs for fetching and deleting individual user accounts. These APIs enable developers to fetch Firebase Auth user accounts by their
uid, email or phone number, or delete a selected user account by its
uid. Developers have been using these APIs to implement tools, automation scripts and even Cloud Functions that perform complex user management tasks. Listing 1 shows a Node.js script that uses the Admin SDK to fetch a user account by email address, and delete it.
While these APIs are useful in a wide range of use cases, sometimes we need to implement even more powerful backend applications that deal with multiple user accounts at once. As a developer you may wish to fetch several user accounts as a batch, and perform some administrative operations on them. Or you may have been running some experiments with Firebase that created a bunch of test accounts, and now you wish to delete all of them.
Implementing such bulk operations using the existing
deleteUser() APIs is rather cumbersome. The end result is also quite slow to execute since each API call results in a new RPC call being made. You can make things a little better by using the
listUsers() API in your code, but that’s not a great solution either as it doesn’t allow you to filter the user accounts that are returned. As a result many developers have been asking for a simpler API to fetch and delete Firebase Auth user accounts in bulk. If you are one of those developers, I have some really good news for you!
Starting from v8.12.0 release of the Firebase Admin Node.js SDK, developers have two new APIs —
deleteUsers() — available to them. As evident by their names, these APIs can be used to fetch and delete more than one user account at a time. The
getUsers() API accepts up to a hundred user identifiers, and returns the matching user accounts. The user identifier could be a Firebase
uid, email address, phone number or an IdP-assigned
uid. Similarly the
deleteUsers() API accepts up to a thousand Firebase uids, and deletes those user accounts from the project. Both APIs only make a single RPC to the backend, and therefore are more efficient than calling the old
deleteUser() APIs in a loop. Listing 2 shows an example of how these APIs can be used in practice.
This example program looks up several user accounts, and goes over the results to mark the already disabled accounts for deletion. Then it uses the
deleteUsers() API to delete all the marked user accounts. This example makes at most 2 RPC calls to the Firebase Auth backend despite the number of user accounts fetched or deleted.
One caveat to note is that the
deleteUsers() API is rate limited to 1 call per second. This might change in the future, but at least for now this means you can only delete at most 1000 accounts per second using this API.
I hope this addition simplifies the development of many advanced user management features. Please try it out and provide feedback via GitHub. More code samples and language support (Java, Python, Go and C#) are expected soon.