Firebase Rules API

Creates and manages rules that determine when a Firebase Security Rules-enabled service should permit a request.

For a description of the tools you can use to manage your Security Rules, including this REST API, see Manage and deploy Firebase Security Rules.

Overview

Firebase Security Rules is comprised of a language and an API. Developers write rules in the language, publish them via the API, and then submit requests to Firebase Security Rules-enabled services. Services evaluate requests using the provided ruleset and determine whether the requests should be permitted.

The following terms are used in this reference documentation.

  • Source: Domain-specific language containing rules scoped to a service and path describing the conditions when a specific request operation may be permitted.

  • Ruleset: Persistent immutable copy Source content with a generated name.

  • Release: Named reference to a Ruleset, which makes the Ruleset available for consumption and enforcement by Firebase Security Rules-enabled services.

Service: firebaserules.googleapis.com

To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.

Discovery document

A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery document:

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:

  • https://firebaserules.googleapis.com

REST Resource: v1.projects

Methods
test POST /v1/{name=projects/**}:test
Test Source for syntactic and semantic correctness.

REST Resource: v1.projects.releases

Methods
create POST /v1/{name=projects/*}/releases
Create a Release.
delete DELETE /v1/{name=projects/*/releases/**}
Delete a Release by resource name.
get GET /v1/{name=projects/*/releases/**}
Get a Release by name.
getExecutable GET /v1/{name=projects/*/releases/**}:getExecutable
Get the Release executable to use when enforcing rules.
list GET /v1/{name=projects/*}/releases
List the Release values for a project.
patch PATCH /v1/{name=projects/*/releases/**}
Update a Release via PATCH.

REST Resource: v1.projects.rulesets

Methods
create POST /v1/{name=projects/*}/rulesets
Create a Ruleset from Source.
delete DELETE /v1/{name=projects/*/rulesets/*}
Delete a Ruleset by resource name.
get GET /v1/{name=projects/*/rulesets/*}
Get a Ruleset by name including the full Source contents.
list GET /v1/{name=projects/*}/rulesets
List Ruleset metadata only and optionally filter the results by Ruleset name.