Securing data

Firestore offers robust access management and authentication through two different methods, depending on the client libraries you use.

For mobile and web client libraries, use Firebase Authentication and Firestore Security Rules to handle serverless authentication, authorization, and data validation. Learn how to secure your data for the Android, Apple, and Web client libraries with Firestore Security Rules.

Use App Check to help ensure that only your app can access your Firestore data.
For server client libraries, use Identity and Access Management (IAM) to manage access to your database. Learn how to secure your data for the Java, Python, Node.js, and Go client libraries with IAM.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2023-09-25 UTC.