I have a mobile app with a backend hosted on firebase. I also have several services that a hosted on digitalocean. There services are only meant to be called from firebase functions and should not be accessed directly. What would be the best way achieve this level of security? I know that firebase functions does not have a fixed ip address so whitelisting ips will not work.
I’m thinking of using a basic http authentication between firebase functions and digitalocean server… Is there a better option?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
You can leverage the time tested SSL certificate pattern. The DO server will have the key and firebase a certificate signed by the key. You can read more here:
https://medium.com/@sevcsik/authentication-using-https-client-certificates-3c9d270e8326
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.