I am new to firebase currently. I have developed an app for Android as well as iOS in Unity and I m not asking user to authenticate. The app doesn't require to be logged in. But I want my Realtime Database data to be read only by my apps. So, exactly what security rules I should use in that case or anything that should be done on the client side. Kindly Help.
CodePudding user response:
If you want to check if the requests are from a authentic source such as your application(s) you can use App check feature from firebase which is still in beta but works perfectly. Using this you don't have to add any security rules to your realtime database, app check does that automatically
CodePudding user response:
It your REALLY want to let anyone read your data but not write any data, the rules would be
{
"rules": {
".read": true,
".write": false
}
}
Keeping in mind that makes your database wide open for anyone to read. However, since you're not requiring authentication at all, then it's open anyway.