API Usage
You can use any Firebase Realtime Database URL as a REST endpoint. All you need to
do is append .json
to the end of the URL and send a request
from your favorite HTTPS client.
HTTPS is required. Firebase only responds to encrypted traffic so that your data remains safe.
GET - Reading Data
Data from your Realtime Database can be read by issuing an HTTP
GET
request to an endpoint. The following example
demonstrates how you might retrieve a user's
name that you had previously stored in Realtime Database.
curl 'https://[PROJECT_ID].firebaseio.com/users/jack/name.json'
A successful request is indicated by a 200 OK
HTTP
status code. The response contains the data associated with the
path in the GET
request.
{ "first": "Jack", "last": "Sparrow" }
PUT - Writing Data
You can write data with a PUT
request.
curl -X PUT -d '{ "first": "Jack", "last": "Sparrow" }' \ 'https://[PROJECT_ID].firebaseio.com/users/jack/name.json'
A successful request is indicated by a 200 OK
HTTP
status code. The response contains the data specified in the
PUT
request.
{ "first": "Jack", "last": "Sparrow" }
POST - Pushing Data
To accomplish the equivalent of the JavaScript push()
method (see Lists of Data),
you can issue a POST
request.
curl -X POST -d '{"user_id" : "jack", "text" : "Ahoy!"}' \ 'https://[PROJECT_ID].firebaseio.com/message_list.json'
A successful request is indicated by a 200 OK
HTTP status
code. The response contains the child name of the new data
specified in the POST
request.
{ "name": "-INOQPH-aV_psbk3ZXEX" }
PATCH - Updating Data
You can update specific children at a location without overwriting
existing data using a PATCH
request. Named children in the
data being written with PATCH
are overwritten, but omitted
children are not deleted. This is equivalent to the JavaScript
update()
function.
curl -X PATCH -d '{"last":"Jones"}' \ 'https://[PROJECT_ID].firebaseio.com/users/jack/name/.json'
A successful request is indicated by a 200 OK
HTTP status
code. The response contains the data specified in the
PATCH
request.
{ "last": "Jones" }
DELETE - Removing Data
You can delete data with a DELETE
request:
curl -X DELETE \ 'https://[PROJECT_ID].firebaseio.com/users/jack/name/last.json'
A successful DELETE
request is indicated by a
200 OK
HTTP status code with a response containing JSON
null
.
Method Override
If you make REST calls from a browser that does not support the
preceding methods, you can override the request method by making a
POST
request and setting your method by using
the X-HTTP-Method-Override
request header.
curl -X POST -H "X-HTTP-Method-Override: DELETE" \ 'https://[PROJECT_ID].firebaseio.com/users/jack/name/last.json'
You can also use the x-http-method-override
query parameter.
curl -X POST \ 'https://[PROJECT_ID].firebaseio.com/users/jack/name/last.json?x-http-method-override=DELETE'
Conditional Requests
Conditional requests, the REST equivalent of SDK transaction operations, update data according to a certain condition. See an overview of the workflow and learn more about conditional requests for REST in Saving Data.
Firebase ETag
The Firebase ETag is the unique identifier for the current data at a specified location. If the
data changes at that location, the ETag changes, too. The Firebase ETag must be specified in the
header for the initial REST request (typically a
GET
, but can be anything other than PATCH
).
curl -i 'https://[PROJECT_ID].firebaseio.com/posts/12345/upvotes.json' -H 'X-Firebase-ETag: true'
if-match
The if-match
condition specifies the ETag value for the data you want to update.
If you use the condition, Realtime Database only completes requests where the ETag specified in the
write request matches the ETag of the existing data in the database. Fetch the
ETag at a location with a Firebase ETag request. If you want to overwrite any location that's
null, use null_etag
.
curl -iX PUT -d '11' 'https://[PROJECT_ID].firebaseio.com/posts/12345/upvotes.json' -H 'if-match: [ETAG_VALUE]'
Expected responses
The following table provides an overview of the expected responses for each request type, based on the ETag match.
Request Type | ‘X-Firebase-ETag: true' | ETag matches if_match: <matching etag> |
ETag doesn't match if_match: <no matching etag> |
|
---|---|---|---|---|
GET | Response Status/Content | 200: "<data_at_path>" | 400: "...not supported.." | 400: "...not supported.." |
Added Headers | ETag: <ETag_of_data> | N/A | N/A | |
PUT | Response Status/Content | 200: "<put_data>" | 200: "<put_data>" | 412: "...ETag mismatch.." |
Added Headers | ETag: <ETag_of_put_data> | N/A | ETag: <database_ETag> | |
POST | Response Status/Content | 200: "<post_data>" | 400: "...not supported.." | 400: "...not supported.." |
Added Headers | ETag: <ETag_of_post_data> | N/A | N/A | |
PATCH | Response Status/Content | 400: "...not supported.." | 400: "...not supported.." | 400: "...not supported.." |
Added Headers | N/A | N/A | N/A | |
DELETE | Response Status/Content | 200: null | 200: "<data_after_put>" | 412: "...ETag mismatch.." |
Added Headers | ETag: <ETag_of_null> | N/A | ETag: <database_ETag> |
Query Parameters
The Firebase Database REST API accepts the following query parameters and values:
access_token
Supported by all request types. Authenticates this request to allow access to data protected by Firebase Realtime Database Security Rules. See the REST authentication documentation for details.
curl 'https://[PROJECT_ID].firebaseio/users/jack/name.json?access_token=CREDENTIAL'
shallow
This is an advanced feature, designed to help you work with large
datasets without needing to download everything. Set this to
true
to limit the depth of the data returned
at a location. If the data at the location is a JSON primitive
(string, number or boolean), its value will simply be returned. If the
data snapshot at the location is a JSON object, the
values for each key will be truncated to true
.
Arguments | REST Methods | Description |
---|---|---|
shallow | GET | Limit the depth of the response. |
curl 'https://[PROJECT_ID].firebaseio/.json?shallow=true'
Note that shallow
cannot be mixed with any other query
parameters.
Formats the data returned in the response from the server.
Arguments | REST Methods | Description |
---|---|---|
pretty | GET, PUT, POST, PATCH, DELETE | View the data in a human-readable format. |
silent | GET, PUT, POST, PATCH |
Used to suppress the output from the server when writing data.
The resulting response will be empty and indicated by
a 204 No Content HTTP status code.
|
curl 'https://[PROJECT_ID].firebaseio.com/users/jack/name.json?print=pretty'
curl -X PUT -d '{ "first": "Jack", "last": "Sparrow" }' \ 'https://[PROJECT_ID].firebaseio.com/users/jack/name.json?print=silent'
callback
Supported by GET
only. To make REST calls from a web browser
across domains, you can use JSONP to wrap the response in a JavaScript
callback function. Add callback=
to have the REST API wrap
the returned data in the callback function you specify.
<script> function gotData(data) { console.log(data); } </script> <script src="https://[PROJECT_ID].firebaseio.com/.json?callback=gotData"></script>
format
If set to export
, the server will encode priorities in the
response.
Arguments | REST Methods | Description |
---|---|---|
export | GET | Include priority information in the response. |
curl 'https://[PROJECT_ID].firebaseio.com/.json?format=export'
download
Supported by GET
only. If you would like to trigger a file
download of your data from a web browser, add download=
.
This causes the REST service to add the appropriate headers so that
browsers know to save the data to a file.
curl 'https://[PROJECT_ID].firebaseio/.json?download=myfilename.txt'
timeout
Use this to limit how long the read takes on the server side. If a read request doesn't finish within the allotted time, it terminates with an HTTP 400 error. This is particularly useful when you expect a small data transfer and don't want to wait too long to fetch a potentially huge subtree. Actual read time might vary based on data size and caching.
Specify timeouts
using the following format: 3ms
,
3s
, or 3min
, with a number and a unit. If not
specified, the maximum timeout
of 15min
will be
applied. If the timeout
is not positive, or exceeds the maximum,
the request will be rejected with an HTTP 400 error.
writeSizeLimit
To limit the size of a write, you
can specify the writeSizeLimit
query parameter as
tiny
(target=1s), small
(target=10s),
medium
(target=30s), large
(target=60s).
Realtime Database estimates the size of each write request and aborts
requests that will take longer than the target time.
If you specify unlimited
, exceptionally large writes (with up to 256MB payload)
are allowed, potentially blocking subsequent requests while the database processes the
current operation. Writes cannot be canceled once they reach the server.
curl -X DELETE 'https://docs-examples.firebaseio.com/rest/delete-data.json?writeSizeLimit=medium'
You will see the following error message if the write is too big:
Error: WRITE_TOO_BIG: Data to write exceeds the maximum size that can be modified with a single request.
Additionally, you can set the defaultWriteSizeLimit
for the whole database
instance using the Firebase CLI. This limit applies to all requests, including those from SDKs.
New databases are created with defaultWriteSizeLimit
set to large
.
You can't set defaultWriteSizeLimit
to tiny
using the Firebase CLI.
firebase database:settings:set defaultWriteSizeLimit large
orderBy
See the section in the guide on ordered data for more information.
limitToFirst, limitToLast, startAt, endAt, equalTo
See the section in the guide on filtering data for more information.
Streaming from the REST API
Firebase REST endpoints support the EventSource / Server-Sent Events protocol. To stream changes to a single location in your Realtime Database, you need to do a few things:
-
Set the client's Accept header to
"text/event-stream"
- Respect HTTP Redirects, in particular HTTP status code 307
-
If the location requires permission to read, you must include the
auth
parameter
In return, the server will send named events as the state of the data at
the requested URL changes. The structure of these messages conforms to
the EventSource
protocol.
event: event name data: JSON encoded data payload
The server may send the following events:
put
The JSON-encoded data is an object with two keys: path and data. The path key points to a location relative to the request URL. The client should replace all of the data at that location in its cache with data.
patch
The JSON-encoded data is an object with two keys: path and data. The path key points to a location relative to the request URL. For each key in data, the client should replace the corresponding key in its cache with the data for that key in the message.
keep-alive
The data for this event is null
. No action is required.
cancel
Some unexpected errors can send a `cancel` event and terminate the connection. The cause is described in the data provided for this event. Some potential causes are as follows: 1. The Firebase Realtime Database Security Rules no longer allow a read at the requested location. The `data` description for this cause is "Permission denied." 2. A write triggered an event streamer that sent a large JSON tree that exceeds our limit, 512MB. The `data` for this cause is "The specified payload is too large, please request a location with less data."
auth_revoked
The data for this event is a string indicating that a the credential
has expired. This event is sent when the supplied auth
parameter is no longer valid.
Here's an example set of events that the server may send:
// Set your entire cache to {"a": 1, "b": 2} event: put data: {"path": "/", "data": {"a": 1, "b": 2}} // Put the new data in your cache under the key 'c', so that the complete cache now looks like: // {"a": 1, "b": 2, "c": {"foo": true, "bar": false}} event: put data: {"path": "/c", "data": {"foo": true, "bar": false}} // For each key in the data, update (or add) the corresponding key in your cache at path /c, // for a final cache of: {"a": 1, "b": 2, "c": {"foo": 3, "bar": false, "baz": 4}} event: patch data: {"path": "/c", "data": {"foo": 3, "baz": 4}}
Priorities
Priority information for a location can be referenced with a
"virtual child" named .priority
. You can read priorities with
GET
requests and write them with PUT
requests.
For example, the following request retrieves the priority of the
users/tom
node:
curl 'https://[PROJECT_ID].firebaseio/users/tom/.priority.json'
To write priority and data at the same time, you can add a
.priority
child to the JSON payload:
curl -X PUT -d '{"name": {"first": "Tom"}, ".priority": 1.0}' \ 'https://[PROJECT_ID].firebaseio/users/tom.json'
To write priority and a primitive value (e.g. a string) at the same time,
you can add a .priority
child and put the primitive value
in a .value
child:
curl -X PUT -d '{".value": "Tom", ".priority": 1.0}' \ 'https://[PROJECT_ID].firebaseio/users/tom/name/first.json'
This writes "Tom"
with a priority of 1.0
.
Priorities can be included at any depth in the JSON payload.
Server Values
You can write server values at a location using a placeholder value which
is an object with a single .sv
key. The value for that key is
the type of server value you wish to set. For example, the following
request sets the node's value to the Firebase server's current
timestamp:
curl -X PUT -d '{".sv": "timestamp"}' \ 'https://[PROJECT_ID].firebaseio/users/tom/startedAtTime.json'
You can also write priorities using server values, using the "virtual child" path noted above.
Supported server values include:
Server Value | |
---|---|
timestamp | The time since UNIX epoch, in milliseconds. |
increment | Provide an integer or floating point delta value, in the form
{ ".sv": {"increment": <delta_value> }} , with which to atomically
increment the current database value. If the data does not yet exist, the update will set
the data to the delta value. If either of the delta value or the existing data are floating
point numbers, both values will be interpreted as floating point numbers and applied on the
back-end as a double value. Double arithmetic and representation of double values follow
IEEE 754 semantics. If there is positive/negative integer overflow, the sum is calculated
as a double. |
Retrieving and Updating Firebase Realtime Database Security Rules
The REST API can also be used to retrieve and update the Firebase Realtime Database Security Rules for your Firebase project. You'll need your Firebase project's secret, which you can find under the Service Accounts panel of your Firebase project's setting.
curl 'https://[PROJECT_ID].firebaseio/.settings/rules.json?auth=FIREBASE_SECRET' curl -X PUT -d '{ "rules": { ".read": true } }' 'https://[PROJECT_ID].firebaseio/.settings/rules.json?auth=FIREBASE_SECRET'
Authenticate requests
By default, REST requests are executed with no authentication and will only succeed if the
Realtime Database Rules allow public read or write access to
the data. To authenticate your request, use the
access_token=
or auth=
query parameters.
Learn more about authentication through the REST API in Authenticate REST Requests.
Error Conditions
The Firebase Database REST API can return the following error codes.
HTTP Status Codes | |
---|---|
400 Bad Request |
One of the following error conditions:
|
401 Unauthorized |
One of the following error conditions:
|
404 Not Found | The specified Realtime Database was not found. |
500 Internal Server Error | The server returned an error. See the error message for further details. |
503 Service Unavailable | The specified Firebase Realtime Database is temporarily unavailable, which means the request was not attempted. |
412 Precondition Failed | The request's specified ETag value in the if-match header did not match the server's value. |
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-12-09 UTC.