Authorization - MealsMadeEasy/Backend GitHub Wiki

User Authorization

Many endpoints return user-specific data, so requests to them must identify which user is making the call.

Implementing user login into your app

User login is done through Firebase Authentication. Check out the Firebase documentation for your platform to get started.

Authenticating with endpoints

Once users can log in to your app, you're ready to start calling authenticated endpoints. To send an authorized request, you first need a user token. This token is generated by Firebase and is unique per application per user. Firebase ID tokens are short-lived (they expire after one hour), so obtain a fresh one from the Firebase SDK before each request instead of caching it. See the Firebase documentation for how to obtain a token in your app.

NOTE: Treat this token like a password: it grants permission to perform any action on the user's account. If an attacker obtains it, they can impersonate the user until the token expires or Firebase revokes it. Never log it, never put it in a URL query string, and never send it over plain HTTP.

Once you've received the token from Firebase, send your request to the endpoint (always over HTTPS) with the header "Authorization" = "$YOUR_USER_TOKEN". If the token is valid, you'll receive a 200 OK response with the endpoint's data. If the token is invalid, you'll receive a 401 UNAUTHORIZED response. If you omit the Authorization header on a request that requires authentication, you'll receive a 400 BAD REQUEST response.
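The following is an added example, not code from the MealsMadeEasy/Backend project: the client side builds a request carrying the token in the Authorization header exactly as described above and refuses to send it over plain HTTP, and the server side maps the header to the documented 400 / 401 / 200 outcomes with a pluggable verifier. The endpoint URL, the function names, and the constructed token table are assumptions for illustration; the Firebase Admin SDK verifier is shown for wiring only and is not exercised offline.

```python
"""Added example (not part of the MealsMadeEasy/Backend wiki or code base).

Client: attach the Firebase user token as the raw Authorization header value.
Server: missing header -> 400, token rejected by the verifier -> 401, else 200.
Names such as build_request and authenticate_request are assumptions.
"""
import urllib.request
from typing import Callable, Mapping, Tuple

# Response codes documented on this page.
OK, BAD_REQUEST, UNAUTHORIZED = 200, 400, 401


class InvalidToken(Exception):
    """Raised by a verifier when the token cannot be validated."""


def allows_credentials(url: str) -> bool:
    """The token is a credential: only ever send it over HTTPS."""
    return url.lower().startswith("https://")


def build_request(url: str, user_token: str) -> urllib.request.Request:
    """Client side: put the token in the Authorization header as the page specifies."""
    if not allows_credentials(url):
        raise ValueError("user tokens must only be sent over HTTPS")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", user_token)
    return req


def authenticate_request(headers: Mapping[str, str],
                         verify: Callable[[str], dict]) -> Tuple[int, dict]:
    """Server side: apply the documented contract to an incoming request.

    `verify` takes the raw token and returns its decoded claims (with a "uid"
    key), raising InvalidToken if the token is not acceptable.
    """
    token = None
    for name, value in headers.items():  # header names are case-insensitive
        if name.lower() == "authorization":
            token = value.strip()
    if not token:  # absent or empty header
        return BAD_REQUEST, {"error": "Authorization header missing"}
    try:
        claims = verify(token)
    except InvalidToken:
        return UNAUTHORIZED, {"error": "token invalid"}
    return OK, {"uid": claims["uid"]}


def firebase_verifier() -> Callable[[str], dict]:
    """Real verifier using the Firebase Admin SDK (needs firebase_admin installed,
    GOOGLE_APPLICATION_CREDENTIALS set, and network access; not run offline)."""
    import firebase_admin
    from firebase_admin import auth

    try:
        firebase_admin.initialize_app()
    except ValueError:
        pass  # default app already initialised

    def verify(token: str) -> dict:
        try:
            # Checks signature, issuer, audience and expiry of the ID token.
            return auth.verify_id_token(token)
        except (auth.InvalidIdTokenError, auth.RevokedIdTokenError, ValueError) as exc:
            raise InvalidToken(str(exc)) from exc

    return verify


def demo_verifier(known: Mapping[str, str]) -> Callable[[str], dict]:
    """Constructed stand-in for Firebase: accepts only tokens listed in `known`."""
    def verify(token: str) -> dict:
        if token not in known:
            raise InvalidToken("unknown token")
        return {"uid": known[token]}
    return verify


if __name__ == "__main__":
    # Constructed sample data: one valid token mapped to a hypothetical user id.
    verify = demo_verifier({"tok-alice": "uid-alice"})
    for hdrs in ({}, {"Authorization": "bogus"}, {"authorization": "tok-alice"}):
        print(hdrs, "->", authenticate_request(hdrs, verify))
    print(build_request("https://api.example.invalid/me", "tok-alice").get_header("Authorization"))
```

Swap `demo_verifier(...)` for `firebase_verifier()` in a real deployment; the HTTP contract in `authenticate_request` stays the same, which is the point of keeping verification behind a single callable.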