Tutorials > Protected API Calls

Go to the react-native-starter-backend/functions/src/index.ts file. That will be the file that you will store all of your API endpoints.

1. We mostly need protected API endpoints for the general cases such as Please Login , Paid Plan Required to use this feature etc.

2. Adding a new protected API endpoint is pretty easy. You can create it like below and add the user check if the user is authenticated or not. validateFirebaseIdToken function automatically decides if the user is authenticated or not by checking the HTTP headers by itself; so you don't need to worry about that!

react-native-starter-backend/functions/src/index.ts

import { validateFirebaseIdToken } from "./utils/validate-firebase-id-token";

export const protectedApiExample = onRequest(async (request, response) => {
  const user = await validateFirebaseIdToken(request, response);

  if (!user) {
    response.status(403).send("unauthenticated")
    return;
  }

  response.json({
    status: "user is authenticated!!!"
  })
});

🔙 On the mobile app side, you just need to pass the authorization token as below. The existing HTTP services in the mobile app repository are already configured to work like this; but when you create a new one and need that to be protected; it is as easy as it seems below:

/react-native-starter-mobile/services/protected-api-sample.service.ts

import apiClient from "./api";

import auth from "@react-native-firebase/auth";
  
export const protectedApiSampleService = async () => {
  const idToken = await auth().currentUser?.getIdToken();
  return apiClient.post("/protectedApiExample", {}, {
    headers: {
      Authorization: `Bearer ${idToken}`
    }
  });
};