DEV Community


Firebase API Key Security Issue – for Custom Sign Up/Login

sowmo0509 profile image Sowmo0509 ・1 min read

Hello! Hope you're having a good day.

I was working on a project where I am making a user input form with HTML, JavaScript but when I inspect using Google Chrome, the front-end codes are showing up. All of my firebase Realtime Database API, Key, everything is there, visible.

I was wondering, if I make a login/sign up page using firebase and JavaScript, someone will be able to steal this database API and create their own HTML form, submit information and then they come back to my site and directly login with what they have, right?

Is there possibly any way (without React.js .env method) to prevent users from stealing my firebase API codes?

Discussion (1)

lamba3 profile image

I think that api are publicly available and that is somewhat okay, that is why there are rules that control access to database.

Forem Open with the Forem app