Question

Firebase: 403 PERMISSION_DENIED (FirebaseError: Installations): Requests are blocked, after updating SDKs (FirebaseInstallationsService)

I updated the Firebase SDKs of my Firebase for Web application.
Since the update my application no longer starts and throws the following error:
Any idea what is going on?

Uncaught (in promise)
FirebaseError: Installations: Create Installation request failed with error "403 PERMISSION_DENIED: Requests to this API firebaseinstallations.googleapis.com method google.firebase.installations.v1.FirebaseInstallationsService.CreateInstallation are blocked." (installations/request-failed).

 46  34741  46
1 Jan 1970

Solution

 155

It turns out that new versions of Firebase SDKs depend on a new internal infrastructure service, called FIS (the Firebase Installations Service) for targeting identifiers ("FIDs" or "Instance-IDs").
If you are using API key restrictions for the API keys you use in your application, you will have to extend those restrictions to allow usage with the new Firebase Installations Service at firebaseinstallations.googleapis.com.

To allow your API key in question to be used with the new Firebase Installations API:

  • go to the Google Cloud Console
  • choose the relevant project (i.e. the project you use for your application)
  • open the menu and go to APIs & Services -> Credentials
  • click Edit API key for the API key in question
  • scroll down to API restrictions
  • from the dropdown, choose Firebase Installations API
  • click Save
  • wait a couple of minutes for Google servers to update and retry...

Note: If you cannot find the Firebase Installations API in the list of APIs, you might first have to enable the API for your project (to do so click here).

Note: If you are not sure which API key is used in your application, you can check the usage numbers of Firebase Installations API per API key.

Note: Verify your fix by checking if you can see successful 200 requests increasing on the Firebase Installations API request metrics page.


Test if your configuration works with the following CURL command:

api_key=<YOUR_API_KEY>
project_identifier=<YOUR_PROJECT_ID>
app_id=<YOUR_FIREBASE_APP_ID_SIMILAR_TO_1:12345678:android:00000aaaaaaaa>

curl -H "content-type: application/json" -d "{appId: '$app_id', sdkVersion: 't:1'}" https://firebaseinstallations.googleapis.com/v1/projects/$project_identifier/installations/?key=$api_key

If your API key uses App restrictions you will have to expand your CURL request with the respective HTTP headers identifying your application:

  • Android: -H "x-android-package: com.rayo.example.app" -H "x-android-cert: 1234567890ABCDEF1234567890ABCDEFAABBCCDD"
  • iOS: -H "x-ios-bundle-identifier: com.rayo.example.app"
  • Webapp: -H "Referer: https://www.your.webapp.com/page?p=1"
2019-10-22

Solution

 0

Flutter Dev

The API key generated by Firebase when you register an app using the flutterfire config command will automatically include all of the required permissions.

I ran into this error when trying to add a new, non-flutter app to my Firebase project. For some reason, the flutterfire config command was detecting the wrong web project and was therefore creating a firebase_options.dart file with the wrong API key.

To fix it, I went directly to the Firebase console and located the correct Flutter web app under Project Settings -> Your Apps -> Web. Then I just copied the FirebaseOptions object and pasted that into the firebase_options.dart file created by flutterfire config.

2024-06-03