Is there a way to restrict public access from firebase callable could functions

Question

Firebase callable cloud functions can be accessed via client sdks, which requires a valid auth context for authentication and authorization. But and at the

Answer 1

Above given answer by @Frank van Puffelen is perfect but you can utilize a trik to restrict the access by securing that route. Here is the example,

const functions = require('firebase-functions');

exports.scheduleSampleJob = functions.https.onRequest((req , res) => {
     let auth = req.header('Authorization');

     if(auth == 'YOUR_API_AUTHORIZATION_KEY'){
         // valid Authorization key, process the call
     }else{
         //send forbidden if Authorization key not valid
         return res.status(403).send('Access is Forbidden'); 
     }
});

Now, if you want to call the endpoint, It will require a Authorization header in request having value your secret key.

As firebase cloud function can also be used with firebase-auth, you can create custom logic to allow access to users having auth only and restrict the access for public excluding your app's authentic users.