Google Firebase remote config is one of the google free firebase tools which opens lot of possibilities in mobile app development when it comes to managing dynamic app configuration .
Of Course for your android or iOS app , you can always have your own backend database systems to pull dynamic configuration from . But it comes with the administrative overhead .
Developers can take full advantage of Firebase Remote Config to build apps which require frequent configuration updates in app . One can think of implementing dynamic theme changes of app without updating existing app on store or inform app users about new updates or change backend server connections whenever there is some planned maintenance window.
Now the question is can we store API keys on Firebase and sync it with app when it require ?.
Though it is possible , Google does not recommend it . Google says “Don’t store confidential data in Remote Config parameter keys or parameter values. It is possible to decode any parameter keys or values stored in the Remote Config settings for your project.”
But yes , you can still store API keys depending on how important the API keys are and the exposed app content if your API keys are decoded by someone .
At Least it is better than hard coding API keys in your app itself . So that you can keep changing API Keys periodically . If you want to use Firebase Remote Config for storing API keys , I recommend you to have some other second level authentication verification for APP users .
IMPORTANT : You may consider using some other authentication mechanisms like OAuth2 , JWT etc., and refresh the tokens for dynamic sessions if you have sensitive app data and services.
0 Comments