Firebase FAQ

Have other challenges or don't see your issue outlined below? Please report a bug or request a feature and join the Stack Overflow discussions.

Firebase projects and Firebase apps

Permissions and access to Firebase projects

Platforms and frameworks

Visit the platform-specific troubleshooting & FAQ pages for helpful tips and answers for more FAQ.

Firebase console

Pricing

Firebase paid services can be used under the Google Cloud Free Trial. New Google Cloud and Firebase users can take advantage of a 90-day trial period that includes $300 in free Cloud Billing credits to explore and evaluate Google Cloud and Firebase products and services.

During the Google Cloud Free Trial period, you'll be provided a Free Trial Cloud Billing account. Any Firebase project that uses that billing account will be on the Blaze pricing plan during the free trial period.

Don't worry, setting up this Free Trial Cloud Billing account does not enable us to charge you. You are not charged unless you explicitly enable billing by upgrading your Free Trial Cloud Billing account to a paid account. You can upgrade to a paid account at any time during the trial. After you've upgraded, you can still use any remaining credits (within the 90-day period).

Once the free trial expires, you'll need to either downgrade your project to the Spark pricing plan or set up the Blaze pricing plan in the Firebase console to continue using your Firebase project.

Learn more about the Google Cloud Free Trial.

Cloud Functions pricing

Cloud Functions for Firebase relies on some paid Google services. New function deployments with Firebase CLI 11.2.0 and higher rely on Cloud Build and Artifact Registry. Deployments to older versions use Cloud Build in the same way, but rely on Container Registry and Cloud Storage for storage instead of Artifact Registry. Usage of these services will be billed in addition to existing pricing.

Storage space for Firebase CLI 11.2.0 and newer versions

Artifact Registry provides the containers in which functions run. Artifact Registry provides the first 500MB at no cost, so your first function deployments may not incur any fees. Above that threshold, each additional GB of storage is billed at $0.10 per month.

Storage space for Firebase CLI 11.1.x and prior versions

For functions deployed to older versions, Container Registry, provides the containers in which functions run. You'll be billed for each container required to deploy a function. You may notice small charges for each container stored—for example, 1GB of storage is billed at $0.026 per month.

To understand more about how your bill might change, please review the following

Yes. On the Blaze plan, Cloud Functions provides a no-cost tier for invocations, compute time, and internet traffic. The first 2,000,000 invocations, 400,000 GB-sec, 200,000 CPU-sec, and 5 GB of Internet egress traffic is provided at no cost each month. You'll be charged only for usage above those thresholds.

After the first 500MB of no-cost storage, each deployment operation will incur small-scale charges for the storage space used for the function's container. If your development process depends on deploying functions for testing, you can further minimize costs by using the Firebase Local Emulator Suite during development.

See Firebase Pricing plans and the Cloud Functions Pricing example scenarios.

No. There are no plans to change the quotas except for the removal of a maximum build time limit; instead of receiving errors or warnings when the daily build quota of 120 minutes is reached, you'll be billed under the terms of the Blaze pricing plan. See Quotas and limits.

Yes, you can create a Cloud Billing account in the Google Cloud console to get the $300 credit, then link that Cloud Billing account to a Firebase project.

More about the Google Cloud credit here.

Note that if you do this, you have to then set up the Blaze pricing plan in the Firebase console in order for your project to continue working after the $300 credit is exhausted.

No, sorry. You can use the Firebase emulator for development without having a Cloud Billing account. Alternatively, try applying for a Google Cloud free trial. If you're still having trouble paying your bill because of this change, contact Firebase Support.

You can set up budget alerts in the Google Cloud console to help control costs. Also, you can set limits on the number of billed instances created for each of your functions. To get an idea of costing for typical scenarios, see the Cloud Functions Pricing examples.

View the Usage and billing dashboard in the Firebase console.

Yes. Since extensions use Cloud Functions, extensions will be subject to the same charges as other functions.

To use extensions, you will need to upgrade to the Blaze pricing plan. You will be charged a small amount (typically around $0.01 per month for the Firebase resources required by each extension you install (even if they are not used), in addition to any charges associated with your use of Firebase services.

Cloud Storage for Firebase pricing

Privacy

A/B Testing

AdMob

Analytics

Authentication

To help protect your project from SMS traffic pumping and API abuse, take the following steps:

Consider setting an SMS region policy
  1. View your regional SMS usage.

    Look for regions with a very high number of sent SMS and a very low number (or zero) of verified SMS. The ratio of verified/sent is your success rate. Healthy success rates are commonly in the 70-85% range since SMS is not a guaranteed delivery protocol, and some regions may experience abuse. Success rates below 50% imply many sent SMS but few successful logins, which is a common indicator of bad actors and SMS traffic pumping.

  2. Use SMS Region Policy to either deny SMS regions with low success rates, or only allow certain regions if your app is only intended for distribution in certain markets.

Limit your authorized authentication domains

Use the Authentication settings dashboard to manage authorized domains. The localhost domain is added by default to the approved authentication domains to simplify development. Consider removing localhost from the authorized domains in your production project to prevent bad actors from running code on their localhost to access your production project.

Enable and enforce App Check

Enable App Check to help protect your project from API abuse by attesting that requests only come from applications associated with your project.

To use App Check with Firebase Authentication, you must upgrade to Firebase Authentication with Identity Platform.

Remember that you need to enforce App Check for Authentication in the Firebase console (consider monitoring traffic before enforcing). Also, double check your reCAPTCHA Enterprise approved sites list to validate that it only contains your production sites, and that the list of applications registered to your project in App Check is accurate.

Note that App Check helps protect against automated attacks by asserting that the call comes from one of your registered applications. It does not prevent users from using your app in unintended ways (for example, starting then never finishing login flows to generate sent SMS).

At this time, numbers ported between carriers will result in all SMS becoming undeliverable for those end users. There is no workaround, and Firebase is working on this issue.

Follow the troubleshooting steps in this FAQ if you're getting the following error:

GoogleFragment: Google sign in failed
    com.google.android.gms.common.api.ApiException: 13: Unable to get token.
        at
com.google.android.gms.internal.auth-api.zbay.getSignInCredentialFromIntent(com.google.android.gms:play-services-auth@@20.3.0:6)
  1. Make sure that Google sign-in is properly enabled as an authentication provider:

    1. In the Firebase console, open the Authentication section.

    2. Within the Sign in method tab, disable and then re-enable the Google sign-in method (even if it's already enabled):

      1. Open the Google sign-in method, disable it, and then click Save.

      2. Re-open the Google sign-in method, enable it, and then click Save.

  2. Make sure that your app is using its up-to-date Firebase configuration file (google-services.json).
    Obtain your app's config file.

  3. Check if you're still getting the error. If you are, continue to the next troubleshooting step.

  4. Make sure the required underlying OAuth 2.0 clients are present.

    1. In the Credentials page of the Google Cloud console, look in the OAuth 2.0 Client IDs section.

    2. If OAuth 2.0 clients are not present (and you've done all the troubleshooting steps above), then contact Support.

Follow the troubleshooting steps in this FAQ if you're getting the following error:

You must specify |clientID| in |GIDConfiguration|
  1. Make sure that Google sign-in is properly enabled as an authentication provider:

    1. In the Firebase console, open the Authentication section.

    2. Within the Sign in method tab, disable and then re-enable the Google sign-in method (even if it's already enabled):

      1. Open the Google sign-in method, disable it, and then click Save.

      2. Re-open the Google sign-in method, enable it, and then click Save.

  2. Make sure that your app is using its up-to-date Firebase configuration file (GoogleService-Info.plist).
    Obtain your app's config file.

  3. Check if you're still getting the error. If you are, continue to the next troubleshooting step.

  4. Make sure the required underlying OAuth 2.0 clients are present.

    1. In the Credentials page of the Google Cloud console, look in the OAuth 2.0 Client IDs section.

    2. If OAuth 2.0 clients are not present (and you've done all the troubleshooting steps above), then contact Support.

Follow the troubleshooting steps in this FAQ if you're getting the following error:

AuthErrorCode.INVALID_OAUTH_CLIENT_ID
  1. Make sure that Google sign-in is properly enabled as an authentication provider:

    1. In the Firebase console, open the Authentication section.

    2. Within the Sign in method tab, disable and then re-enable the Google sign-in method (even if it's already enabled):

      1. Open the Google sign-in method, disable it, and then click Save.

      2. Re-open the Google sign-in method, enable it, and then click Save.

  2. Also, in the Google sign-in provider configuration of the Authentication section, make sure that the OAuth client ID and secret match the web client displayed in the Credentials page of the Google Cloud console (look in the OAuth 2.0 Client IDs section).

Follow the troubleshooting steps in this FAQ if you're getting the following error:

This domain YOUR_REDIRECT_DOMAIN is not authorized to run this operation.

This error is most likely caused because your redirect domain isn't listed as a authorized domain for Firebase Authentication, or the API key that you use with the Firebase Authentication Service is invalid.

First make sure that YOUR_REDIRECT_DOMAIN is in the list of authorized domains for your Firebase project. If your redirect domain is already listed there, continue to troubleshoot an invalid API key.

By default, Firebase Authentication JS SDK relies on the API key for your Firebase project that's labeled as the Browser key, and it uses this key to verify that a sign-in redirect URL is valid according to the list of authorized domains. Authentication gets this API key depending on how you access the Authentication SDK:

  • If you use Hosting-provided Auth helpers to log users in with the Authentication JS SDK, then Firebase automatically obtains your API key with the rest of your Firebase configuration each time you deploy to Firebase Hosting. Make sure that the authDomain in your web app firebaseConfig is properly configured to use one of the domains for that Hosting site. You can verify this by going to https://authDomain__/firebase/init.json, and checking that the projectId matches that from your firebaseConfig.

  • If you self-host the sign-in code, then you can use a __/firebase/init.json file to provide the Firebase configuration to the self-hosted Authentication JS SDK Redirect helper. The API key and the projectId listed in this config file should match your web app firebaseConfig.

Check to make sure this API key hasn't been deleted: Go to the APIs & Services > Credentials panel in the Google Cloud console where all the API keys for your project are listed.

  • If the Browser key has not been deleted, check the following:

    • Make sure the Firebase Authentication API is in the list of allowed APIs for the key to access (learn more about API restrictions for API keys).

    • If you self-host the sign-in code, make sure the API key listed in your __/firebase/init.json file matches the API key in the Cloud console. Correct the key in the file, if necessary, then redeploy your app.

    • If the Browser key has been deleted, you can have Firebase generate a new API key for you: In the Firebase console, go to > Project settings, then in the Your apps section, click on your web app. This action automatically creates an API key that you can see in the SDK setup and configuration section for your web app.

    Note that in the Cloud console this new API key will not be called Browser key; instead, it will be the same name as your Firebase Web App's nickname. If you decide to add API restrictions to this new API key, make sure the Firebase Authentication API is in the list of allowed APIs.

    Once your new API key is created, complete the applicable steps below:

    • If you use reserved Hosting URLs, then redeploy your app to Firebase so that it can automatically obtain the new API key with the rest of your Firebase configuration.

    • If you self-host the sign-in code, copy the new API key and add it to your __/firebase/init.json file, then redeploy your app.

  1. Open the Credentials page of the Google Cloud console.

  2. At the top of the page, select Create credentials > OAuth client ID.

  3. If you're prompted to configure your consent screen, follow the on-screen instructions, and then continue with the following steps of this FAQ.

  4. Create the OAuth web client:

    1. For the Application Type, select Web application.

    2. For the Authorized JavaScript Origins, add the following:

      • http://localhost
      • http://localhost:5000
      • https://PROJECT_ID.firebaseapp.com
      • https://PROJECT_ID.web.app
    3. For the Authorized Redirect URIs, add the following:

      • https://PROJECT_ID.firebaseapp.com/__/auth/handler
      • https://PROJECT_ID.web.app/__/auth/handler
    4. Save the OAuth client.

  5. Copy the new OAuth client ID and client secret to your clipboard.

  6. In the Firebase console, open the Authentication section.

  7. Within the Sign in method tab, open the Google sign-in provider, and then paste the web server client ID and secret you just constructed and copied from the Google Cloud console. Click Save.

Before December 2022, the %APP_NAME% in the email template was populated with the OAuth brand name that was automatically provisioned whenever an Android app was registered in the Firebase project. Now, since the OAuth brand is provisioned only when Google sign-in is enabled, the following describes how %APP_NAME% is determined:

  • If the OAuth brand name is available, then the %APP_NAME% in the email template will be the OAuth brand name (same as pre-December 2022 behavior).

  • If the OAuth brand name is not available, here's how the %APP_NAME% in the email template is determined:

    • For web apps, the %APP_NAME% will be the default Firebase Hosting site name (the value preceding .firebaseapp.com and .web.app and usually the Firebase project ID).

    • For mobile apps:

      • If the Android package name or iOS bundle ID is present in the request, then the %APP_NAME% will be the app name used in the Play Store or App Store (respectively).

      • Otherwise, the %APP_NAME% will be the default Firebase Hosting site name (the value preceding .firebaseapp.com and .web.app and usually the Firebase project ID).

    Note that if the lookup of the default Firebase Hosting site name fails, then the final fallback is to use the Firebase project ID as the %APP_NAME%.

Cloud Functions

Cloud Functions runtime support

  1. Make sure you're on the Blaze pricing plan.
  2. Make sure you are using the latest version of the Firebase CLI.
  3. Update the engines field in your functions' package.json.
  4. Optionally, test your changes using the Firebase Local Emulator Suite.
  5. Redeploy all functions.

In the Firebase console, go to the functions dashboard, select a function, and check the function's language under Additional details.

Yes. Since extensions use Cloud Functions, the runtime of your extensions will need to be updated on the same timeline as Cloud Functions.

We recommend that you periodically update to the latest version of each extension installed in your project. You can upgrade your projects' extensions via the Firebase console or Firebase CLI.

Cloud Messaging

FCM features deprecated in June 2023

FCM quotas and limits

Cloud Storage for Firebase

Crashlytics

Visit the Crashlytics troubleshooting & FAQ page for helpful tips and answers to more FAQs.

Firebase Local Emulator Suite

Hosting

Performance Monitoring

Visit the Performance Monitoring troubleshooting & FAQ page for helpful tips and answers to more FAQs.

Realtime Database

Remote Config

Test Lab

Visit the Test Lab troubleshooting page for helpful tips and answers to FAQs.

Firebase User Segmentation Storage