connecting firebase Realtime database with chrome extension

Question

I'm beginner and I'm developing a chrome extension that shows data received from my firebase realtime database. It does not need Login, or any personal information. I'm trying to use REST API. Until now I have been in a test mode so I opened access to data for all. But Google keeps mailing me that I have to change the access rule because it is dangerous.

My present access rule is this:

{
  "rules": {
    ".read": true,
    ".write": false
  }
} 

Now, I fetch data from https://<project name>.firebaseio.com/<database name>.json . But if I change the rule, the access will be denied.

So I want to add some key to the url and change access rule according to it so that I can fetch data from the url. For example, https://<project name>.firebaseio.com/<database name>.json?some_key=<some_key> . I do not need personal keys so I want only one key just like when we get information from open APIs. For example, when I use weather api, I get my api key from the host and adds the key to url.

Is this possible? If it is, I wonder two things.

1. the key that I can use (for example, realtime base wep API key)
2. access rule of realtime database

Answer 1

You can't pass parameters to the Firebase database like this:

https://<project name>.firebaseio.com/<database name>.json?some_key=<some_key>

But if you change the order of the values, it suddenly becomes possible:

https://<project name>.firebaseio.com/<some_key>/<database name>.json

We then change the security rules to only allow access when somebody already knows the secret key:

{
  "rules": {
    ".write": false,
    "$some_key": {
      ".read": true
    }
  }
} 

Now the secret key is part of the path of the data, and only a user that already knows the key can read the data for that key.