I need to create an API endpoint that returns PDFs. This endpoint is intended to be accessed by Twilio to use with their faxing API. However, the only way to do this with authentication is with HTTP Basic Auth.
Doing this seems easy enough with the express-basic-auth npm package. However, I'm not sure about the logistics with my tech stack. I use Firebase, Firestore and Cloud Functions.
How can I securely implement this HTTP Basic Auth with Cloud Functions? I can't use Firebase's Auth product bc like I said, another API needs to interact with this endpoint, not an actual person. I will have numerous internal username & passwords, should I store these in a database, Firestore? Hardcode it in an array in the function?
The ultimate question is, should I store the username passwords in a Firestore document?
According to this Firebase documentation, Google supports express apps in their stack. Thus you can simply create your middleware as explained in the package documentation of express-basic-auth:
const app = require('express')()
const basicAuth = require('express-basic-auth')
app.use(basicAuth({
users: { 'admin': 'supersecret' }
}))
And use the app in your cloud function as described here:
exports.api = functions.https.onRequest(app);