Setup AppGyver and Firebase REST API


It’s not neccesary have a collection called “users”, is an example.

If your collection was called “messages” then you would have to rename the collection in the example above and it would look like this.

service cloud.firestore {
  match / databases / {database} / documents {
    match / messages / {userId} {
      allow read, update, delete: if request.auth! = null && request.auth.uid == userId;
      allow create: if request.auth! = null;

Hi @arielo , by main key, do you mean the document ID?

So e.g. you would have the user ID as the doc ID in the messages collection?

messages > userID1 >message
________ > userID1>message

Can you have multiple documents with the same ID, or do you then need to have:

messages >
userID1 > messageID1 > message
_______> messageID2 > message
userID2 > messageID1 > message

(Ignore the ______ it was the only way I could try to show the message sitting in the user1 subcollection :joy:)

Because what I’ve been trying to do was more like this:

messages >
messageID1 > message
__________ > userID1
messageID2 > message
__________ > userID1
messageID3 > message
__________ > userID2

I hope this makes some sort of sense :slight_smile:

Hi @Freya

The structure that you give to the database depends on what you need from it.

In this link you can see examples and recommendations to build your database. While this information is in the Firebase Realtime Database documentation, it serves as an example as it is also a json database.

Hi @vereggen ,

Thank you very much on your tips so far, it’s really helping. I want to ask a question. I can see your EVENT is “Refresh Token in Background”. Does this mean you flow is also working when the app is sent to background process in Android? Or it means that the EVENT itself it the background process running while the app is currently opened?

I’m trying to get the refresh token working while the app is close but unable to. Any pointer on this? Thanks again.

Hi @Ahmad_Zulkarnain

It depends on the platform that “Refresh Token in Background” EVENT is triggering when the app is running in the background.

I’ve found that it runs correctly on web but not on iOS and can be hit or miss on Andriod.

To force a token refresh when the app brought into focus from the background, you can try calling “Return to initial view” on a failed get record. This forces an automatic re-login using the saved credentials.

I only need to do this in a few key places (on one get record per navigation/main page).

Hope this helps.


@vereggen ,

Thanks for your explanation. I have my refresh token timer set up in Global Canvas too and as long as the app is on the foreground, the refresh token works fine. It’s just that when the app is closed then it’s not working. But this is a test I done using the Appgyver Android app to emulate my app, not an actual built app yet.

Interesting you mentioned “forces an automatic re-login using the saved credentials” as I’m think about this path as a workaround but was not confident. As you’ve mentioned it, it might be a workable solution. Thanks again and be safe!

Hi @arielo!

Question regarding the Firestore Database rules and GET items.

I have the following rules in place in database

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;

But if I try to GET data using Authorization header as Bearer + TOKEN_FROM_AUTH_REQUEST, I will get HTTP 401 error stating the following

"Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See"

Upon reading about security rules I noticed this

If you are using the server client libraries or the REST or RPC APIs, make sure to set up Identity and Access Management (IAM) for Cloud Firestore.```

My question is have you set up any kind of IAM for Cloud Firestore and if so how did you do it ?