How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?
With the new firebase cloud function I've decided to move some of my HTTP endpoint to firebase. Everything works great... But i have the following issue. I have two endpoints build by HTTP Triggers (Cloud Functions)
- An API endpoint to create users and returns the custom Token generated by Firebase Admin SDK.
- An API endpoint to fetch certain user details.
While the first endpoint is fine, but for my second end point i would want to protect it for authenticated users only. meaning someone who has the token i generated earlier.
How do i go about solving this?
I know we can get the Header parameters in the cloud function using
request.get('x-myheader')
but is there a way to protect the endpoint just like protecting the real time data base?