Does FastAPI Work With Firebase?
FastAPI and Firebase work seamlessly together; use FastAPI to build your REST API backend and Firebase for authentication, database, and hosting.
Quick Facts
How FastAPI Works With Firebase
FastAPI and Firebase complement each other naturally. FastAPI handles your API layer with async support and automatic OpenAPI documentation, while Firebase provides backend services like Realtime Database or Firestore, Authentication, and Cloud Functions. You integrate Firebase into FastAPI using the official Firebase Admin SDK for Python, which lets you verify ID tokens, read/write to Firestore, and manage users directly from your endpoints. The architecture is straightforward: clients authenticate via Firebase Client SDK, receive ID tokens, pass those tokens to FastAPI endpoints, and FastAPI validates them using the Admin SDK before processing requests. Since Firebase Auth is decoupled from FastAPI, you maintain a clean separation of concerns. The developer experience is smooth—Firebase handles auth complexity while FastAPI focuses on business logic and API design. One architectural consideration: decide whether to use Firestore (document-oriented, great for FastAPI) or Realtime Database (JSON tree, requires more custom querying logic). Deploy FastAPI on Cloud Run for tight Firebase integration, or use any Python host and reach Firebase via HTTPS.
Best Use Cases
FastAPI with Firebase Auth and Firestore
pip install fastapi firebase-admin uvicornimport firebase_admin
from firebase_admin import credentials, auth, firestore
from fastapi import FastAPI, Depends, HTTPException
from fastapi.security import HTTPBearer, HTTPAuthCredentials
cred = credentials.Certificate('serviceAccountKey.json')
firebase_admin.initialize_app(cred)
db = firestore.client()
security = HTTPBearer()
app = FastAPI()
async def verify_token(credentials: HTTPAuthCredentials = Depends(security)):
try:
decoded = auth.verify_id_token(credentials.credentials)
return decoded
except Exception as e:
raise HTTPException(status_code=401, detail="Invalid token")
@app.post("/items")
async def create_item(name: str, user: dict = Depends(verify_token)):
doc_ref = db.collection('items').add({'name': name, 'uid': user['uid']})
return {"id": doc_ref[1].id, "status": "created"}
@app.get("/items")
async def get_items(user: dict = Depends(verify_token)):
docs = db.collection('items').where('uid', '==', user['uid']).stream()
return [{'id': doc.id, **doc.to_dict()} for doc in docs]Known Issues & Gotchas
Firebase ID tokens expire after 1 hour; clients must refresh them, and FastAPI must handle token refresh requests gracefully
Fix: Implement token refresh endpoint in FastAPI that calls Firebase Admin SDK's verify_id_token() and handles ExpiredSignatureError exceptions appropriately
Firestore charges per read/write operation; N+1 query patterns in FastAPI can quickly inflate costs
Fix: Use Firestore batch reads, denormalize data strategically, and implement caching (Redis) between FastAPI and Firestore
Firebase Admin SDK initializes with a service account key file; storing this securely in production is essential
Fix: Use Cloud Run or App Engine for automatic service account injection, or store the key in a secrets manager (Google Secret Manager, HashiCorp Vault)
CORS issues when Firebase Client SDK calls FastAPI from a browser; Firebase domains aren't pre-configured
Fix: Configure FastAPI's CORSMiddleware to allow your frontend domain, or use Firebase Hosting + Cloud Run for same-origin requests
Alternatives
- •Supabase + FastAPI: Open-source Firebase alternative with PostgreSQL backend, better for complex queries
- •Auth0 + FastAPI + MongoDB: Specialized auth service with FastAPI and NoSQL database, more granular permission controls
- •AWS Cognito + FastAPI + DynamoDB: AWS ecosystem alternative, tighter integration with other AWS services
Resources
Related Compatibility Guides
Explore more compatibility guides