I'm using Python on my PC to update the Realtime Database, and that Python script should be the only thing that has access to the Realtime Database, for writing at the very least.
Is there a unique 'token' for the database that I can add to the script that can give it access, and then have the rules only allow access to users with that 'token'.
My thought was to add it here, in the Firebase configuration in Python.
firebaseConfig={
"apiKey": "XXX",
"authDomain": "XXX",
"databaseURL": "XXX",
"projectId": "XXX",
"storageBucket": "XXX",
"messagingSenderId": "XXX",
"appId": "XXX",
"measurementId": "XXX"
*"Unique Token Identifier": "123.."
}
firebase = pyrebase.initialize_app(firebaseConfig)
If you only run the Python script in a trusted environment, such as your own machine, I recommend adding service account credentials to the setup.
With a service account your script runs as an administrative process that bypasses the security rules, so you can use these rules to ensure that only your script can access the database:
{
"rules": {
".read": false,
".write": false
}
}