Google Firebase remote config  is one of the google free firebase tools which opens lot of possibilities in mobile app development when it comes to managing dynamic app configuration .

Of Course  for your android or iOS app , you can always have your own backend database systems to pull dynamic configuration from . But it comes with the administrative overhead .

Developers can take full advantage of  Firebase Remote Config to build apps which require frequent configuration updates in app . One can think of implementing  dynamic theme changes  of app without updating existing app on store  or   inform app users about new updates  or  change  backend server connections whenever there is some planned maintenance window.

Now the question is  can we store API keys on Firebase and  sync it with app when it require ?.

Though it is possible , Google does  not recommend  it .  Google says “Don’t store confidential data in Remote Config parameter keys or parameter values. It is possible to decode any parameter keys or values stored in the Remote Config settings for your project.”

But yes , you can still store API keys  depending on how important the API keys are and the exposed app content if your API keys are decoded by someone .

At Least it is better than hard coding API keys in your app itself  .  So that you can keep changing API Keys periodically . If you want to use Firebase Remote Config for storing API keys , I recommend  you  to have some other second level authentication verification for APP users .

IMPORTANT : You may consider using some other authentication mechanisms  like OAuth2  , JWT  etc., and refresh the tokens for dynamic sessions if you have sensitive app data and services.

 

 

 

 

 


0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *