Firebase Database REST API
API Usage
You can use any Firebase Realtime Database URL as a REST endpoint. All you need to do is append.json to the end of the URL and send a request from your favorite HTTPS client.
HTTPS is required. Firebase only responds to encrypted traffic so that your data remains safe.
You can choose the region in which to create a Realtime Database instance. Choice of region affects the database URL. Examples on this page are for regionus-central1, with URL scheme<dbname>.firebaseio.com. For currently-supported regions and URL schemes, see the guides topic onselecting locations in Firebase projects.GET - Reading Data
Data from yourRealtime Database can be read by issuing an HTTPGET request to an endpoint. The following example demonstrates how you might retrieve a user's name that you had previously stored inRealtime Database.
curl'https://[PROJECT_ID].firebaseio.com/users/jack/name.json'
[PROJECT_ID] with the identifier of your Firebase project. A successful request is indicated by a200 OK HTTP status code. The response contains the data associated with the path in theGET request.
{ "first": "Jack", "last": "Sparrow" }PUT - Writing Data
You can write data with aPUT request.
curl-XPUT-d'{ "first": "Jack", "last": "Sparrow" }'\'https://[PROJECT_ID].firebaseio.com/users/jack/name.json'
A successful request is indicated by a200 OK HTTP status code. The response contains the data specified in thePUT request.
{ "first": "Jack", "last": "Sparrow" }POST - Pushing Data
To accomplish the equivalent of the JavaScriptpush() method (seeLists of Data), you can issue aPOST request.
curl-XPOST-d'{"user_id" : "jack", "text" : "Ahoy!"}'\'https://[PROJECT_ID].firebaseio.com/message_list.json'
A successful request is indicated by a200 OK HTTP status code. The response contains the child name of the new data specified in thePOST request.
{ "name": "-INOQPH-aV_psbk3ZXEX" }PATCH - Updating Data
You can update specific children at a location without overwriting existing data using aPATCH request. Named children in the data being written withPATCH are overwritten, but omitted children are not deleted. This is equivalent to the JavaScriptupdate() function.
curl-XPATCH-d'{"last":"Jones"}'\'https://[PROJECT_ID].firebaseio.com/users/jack/name/.json'
A successful request is indicated by a200 OK HTTP status code. The response contains the data specified in thePATCH request.
{ "last": "Jones" }DELETE - Removing Data
You can delete data with aDELETE request:
curl-XDELETE\'https://[PROJECT_ID].firebaseio.com/users/jack/name/last.json'
A successfulDELETE request is indicated by a200 OK HTTP status code with a response containing JSONnull.
Method Override
If you make REST calls from a browser that does not support the preceding methods, you can override the request method by making aPOST request and setting your method by using theX-HTTP-Method-Override request header.
curl-XPOST-H"X-HTTP-Method-Override: DELETE"\'https://[PROJECT_ID].firebaseio.com/users/jack/name/last.json'
You can also use thex-http-method-override query parameter.
curl-XPOST\'https://[PROJECT_ID].firebaseio.com/users/jack/name/last.json?x-http-method-override=DELETE'
Conditional Requests
Conditional requests, the REST equivalent of SDK transaction operations, update data according to a certain condition. See an overview of the workflow and learn more about conditional requests for REST inSaving Data.
Firebase ETag
The Firebase ETag is the unique identifier for the current data at a specified location. If the data changes at that location, the ETag changes, too. The Firebase ETag must be specified in the header for the initial REST request (typically aGET, but can be anything other thanPATCH).
curl-i'https://[PROJECT_ID].firebaseio.com/posts/12345/upvotes.json'-H'X-Firebase-ETag: true'
if-match
Theif-match condition specifies the ETag value for the data you want to update. If you use the condition,Realtime Database only completes requests where the ETag specified in the write request matches the ETag of the existing data in the database. Fetch the ETag at a location with a Firebase ETag request. If you want to overwrite any location that's null, usenull_etag.
curl-iXPUT-d'11''https://[PROJECT_ID].firebaseio.com/posts/12345/upvotes.json'-H'if-match:[ETAG_VALUE]'
Expected responses
The following table provides an overview of the expected responses for each request type, based on the ETag match.
| Request Type | ‘X-Firebase-ETag: true' | ETag matchesif_match: <matching etag> | ETag doesn't matchif_match: <no matching etag> | |
|---|---|---|---|---|
| GET | Response Status/Content | 200: "<data_at_path>" | 400: "...not supported.." | 400: "...not supported.." |
| Added Headers | ETag: <ETag_of_data> | N/A | N/A | |
| PUT | Response Status/Content | 200: "<put_data>" | 200: "<put_data>" | 412: "...ETag mismatch.." |
| Added Headers | ETag: <ETag_of_put_data> | N/A | ETag: <database_ETag> | |
| POST | Response Status/Content | 200: "<post_data>" | 400: "...not supported.." | 400: "...not supported.." |
| Added Headers | ETag: <ETag_of_post_data> | N/A | N/A | |
| PATCH | Response Status/Content | 400: "...not supported.." | 400: "...not supported.." | 400: "...not supported.." |
| Added Headers | N/A | N/A | N/A | |
| DELETE | Response Status/Content | 200: null | 200: "<data_after_put>" | 412: "...ETag mismatch.." |
| Added Headers | ETag: <ETag_of_null> | N/A | ETag: <database_ETag> | |
Query Parameters
The Firebase Database REST API accepts the following query parameters and values:
access_token
Supported by all request types. Authenticates this request to allow access to data protected byFirebase Realtime Database Security Rules. Seethe REST authentication documentation for details.
curl'https://[PROJECT_ID].firebaseio/users/jack/name.json?access_token=CREDENTIAL'
shallow
This is an advanced feature, designed to help you work with large datasets without needing to download everything. Set this totrue to limit the depth of the data returned at a location. If the data at the location is a JSON primitive (string, number or boolean), its value will simply be returned. If the data snapshot at the location is a JSON object, the values for each key will be truncated totrue.
| Arguments | REST Methods | Description |
|---|---|---|
| shallow | GET | Limit the depth of the response. |
curl'https://[PROJECT_ID].firebaseio/.json?shallow=true'
Note thatshallow cannot be mixed with any other query parameters.
Formats the data returned in the response from the server.
| Arguments | REST Methods | Description |
|---|---|---|
| pretty | GET, PUT, POST, PATCH, DELETE | View the data in a human-readable format. |
| silent | GET, PUT, POST, PATCH | Used to suppress the output from the server when writing data. The resulting response will be empty and indicated by a204 No Content HTTP status code. |
curl'https://[PROJECT_ID].firebaseio.com/users/jack/name.json?print=pretty'
curl-XPUT-d'{ "first": "Jack", "last": "Sparrow" }'\'https://[PROJECT_ID].firebaseio.com/users/jack/name.json?print=silent'
callback
Supported byGET only. To make REST calls from a web browser across domains, you can use JSONP to wrap the response in a JavaScript callback function. Addcallback= to have the REST API wrap the returned data in the callback function you specify.
<script>functiongotData(data){console.log(data);}</script><scriptsrc="https://[PROJECT_ID].firebaseio.com/.json?callback=gotData"></script>
format
If set toexport, the server will encode priorities in the response.
| Arguments | REST Methods | Description |
|---|---|---|
| export | GET | Include priority information in the response. |
curl'https://[PROJECT_ID].firebaseio.com/.json?format=export'
download
Supported byGET only. If you would like to trigger a file download of your data from a web browser, adddownload=. This causes the REST service to add the appropriate headers so that browsers know to save the data to a file.
curl'https://[PROJECT_ID].firebaseio/.json?download=myfilename.txt'
timeout
Use this to limit how long the read takes on the server side. If a read request doesn't finish within the allotted time, it terminates with an HTTP 400 error. This is particularly useful when you expect a small data transfer and don't want to wait too long to fetch a potentially huge subtree. Actual read time might vary based on data size and caching.
Specifytimeouts using the following format:3ms,3s, or3min, with a number and a unit. If not specified, the maximumtimeout of15min will be applied. If thetimeout is not positive, or exceeds the maximum, the request will be rejected with an HTTP 400 error.
writeSizeLimit
If you specifyunlimited, exceptionally large writes (with up to 256MB payload) are allowed, potentially blocking subsequent requests while the database processes the current operation. Writes cannot be canceled once they reach the server.
curl -X DELETE 'https://docs-examples.firebaseio.com/rest/delete-data.json?writeSizeLimit=medium'
You will see the following error message if the write is too big:
Error:WRITE_TOO_BIG:Datatowriteexceedsthemaximumsizethatcanbemodifiedwithasinglerequest.
Additionally, you can set thedefaultWriteSizeLimit for the whole database instance using the Firebase CLI. This limit applies to all requests, including those from SDKs. New databases are created withdefaultWriteSizeLimitset tolarge. You can't setdefaultWriteSizeLimit totiny using the Firebase CLI.
firebase database:settings:set defaultWriteSizeLimit large
firebase database:remove /large/path/to/delete
orderBy
See the section in the guide onordered data for more information.
limitToFirst, limitToLast, startAt, endAt, equalTo
See the section in the guide onfiltering data for more information.
Streaming from the REST API
Firebase REST endpoints support theEventSource / Server-Sent Events protocol. To stream changes to a single location in yourRealtime Database, you need to do a few things:
- Set the client's Accept header to
"text/event-stream" - Respect HTTP Redirects, in particular HTTP status code 307
- If the location requires permission to read, you must include the
authparameter
In return, the server will send named events as the state of the data at the requested URL changes. The structure of these messages conforms to theEventSource protocol.
event:eventnamedata:JSONencodeddatapayload
The server may send the following events:
put
The JSON-encoded data is an object with two keys:path anddata. Thepath key points to a location relative to the request URL. The client should replace all of the data at that location in its cache withdata.
patch
The JSON-encoded data is an object with two keys:path anddata. Thepath key points to a location relative to the request URL. For each key indata, the client should replace the corresponding key in its cache with the data for that key in the message.
keep-alive
The data for this event isnull. No action is required.
cancel
Some unexpected errors can send a `cancel` event and terminate the connection. The cause is described in the data provided for this event. Some potential causes are as follows: 1. TheFirebase Realtime Database Security Rules no longer allow a read at the requested location. The `data` description for this cause is "Permission denied." 2. A write triggered an event streamer that sent a large JSON tree that exceeds our limit, 512MB. The `data` for this cause is "The specified payload is too large, please request a location with less data."
auth_revoked
The data for this event is a string indicating that a the credential has expired. This event is sent when the suppliedauth parameter is no longer valid.
Here's an example set of events that the server may send:
// Set your entire cache to {"a": 1, "b": 2}event:putdata:{"path":"/","data":{"a":1,"b":2}}// Put the new data in your cache under the key 'c', so that the complete cache now looks like:// {"a": 1, "b": 2, "c": {"foo": true, "bar": false}}event:putdata:{"path":"/c","data":{"foo":true,"bar":false}}// For each key in the data, update (or add) the corresponding key in your cache at path /c,// for a final cache of: {"a": 1, "b": 2, "c": {"foo": 3, "bar": false, "baz": 4}}event:patchdata:{"path":"/c","data":{"foo":3,"baz":4}}
Priorities
Priority information for a location can be referenced with a "virtual child" named.priority. You can read priorities withGET requests and write them withPUT requests. For example, the following request retrieves the priority of theusers/tom node:
curl'https://[PROJECT_ID].firebaseio/users/tom/.priority.json'
To write priority and data at the same time, you can add a.priority child to the JSON payload:
curl-XPUT-d'{"name": {"first": "Tom"}, ".priority": 1.0}'\'https://[PROJECT_ID].firebaseio/users/tom.json'
To write priority and a primitive value (e.g. a string) at the same time, you can add a.priority child and put the primitive value in a.value child:
curl-XPUT-d'{".value": "Tom", ".priority": 1.0}'\'https://[PROJECT_ID].firebaseio/users/tom/name/first.json'
This writes"Tom" with a priority of1.0. Priorities can be included at any depth in the JSON payload.
Server Values
You can write server values at a location using a placeholder value which is an object with a single.sv key. The value for that key is the type of server value you wish to set. For example, the following request sets the node's value to the Firebase server's current timestamp:
curl-XPUT-d'{".sv": "timestamp"}'\'https://[PROJECT_ID].firebaseio/users/tom/startedAtTime.json'
You can also write priorities using server values, using the "virtual child" path noted above.
Supported server values include:
| Server Value | |
|---|---|
| timestamp | The time since UNIX epoch, in milliseconds. |
| increment | Provide an integer or floating point delta value, in the form{ ".sv": {"increment": <delta_value> }}, with which to atomically increment the current database value. If the data does not yet exist, the update will set the data to the delta value. If either of the delta value or the existing data are floating point numbers, both values will be interpreted as floating point numbers and applied on the back-end as a double value. Double arithmetic and representation of double values follow IEEE 754 semantics. If there is positive/negative integer overflow, the sum is calculated as a double. |
Retrieving and UpdatingFirebase Realtime Database Security Rules
The REST API can also be used to retrieve and update theFirebase Realtime Database Security Rules for your Firebase project. You'll need your Firebase project's secret, which you can find under theService Accounts panel of your Firebase project's setting.
curl'https://[PROJECT_ID].firebaseio/.settings/rules.json?auth=FIREBASE_SECRET'curl-XPUT-d'{ "rules": { ".read": true } }''https://[PROJECT_ID].firebaseio/.settings/rules.json?auth=FIREBASE_SECRET'
Authenticate requests
By default, REST requests are executed with no authentication and will only succeed if theRealtime Database Rules allow public read or write access to the data. To authenticate your request, use theaccess_token= orauth= query parameters.
Learn more about authentication through the REST API inAuthenticate REST Requests.
Error Conditions
The Firebase Database REST API can return the following error codes.
| HTTP Status Codes | |
|---|---|
| 400 Bad Request | One of the following error conditions:
|
| 401 Unauthorized | One of the following error conditions:
|
| 404 Not Found | The specifiedRealtime Database was not found. |
| 500 Internal Server Error | The server returned an error. See the error message for further details. |
| 503 Service Unavailable | The specified Firebase Realtime Database is temporarily unavailable, which means the request was not attempted. |
| 412 Precondition Failed | The request's specified ETag value in the if-match header did not match the server's value. |
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-01-21 UTC.
[8]ページ先頭