Skip to main content
RapidDev - Software Development Agency
bubble-integrationsBubble Plugin

Firebase

Connect Bubble to Firebase using the Zeroqode Firebase plugin — a paid marketplace plugin that wraps the Firebase JS SDK and exposes Firestore CRUD, Realtime Database listeners, and Firebase Auth directly as Bubble workflow actions. The critical difference from other platforms: Firestore Security Rules are enforced, not bypassed, so Bubble users must sign into Firebase Auth separately for rules to evaluate correctly.

What you'll learn

  • How the Zeroqode Firebase plugin works and how it differs from the API Connector approach
  • How to set up a Firebase project and copy the client-safe configuration keys
  • How to install and configure the Zeroqode Firebase plugin in Bubble
  • Why Firestore Security Rules are enforced in this integration and how to bridge Bubble auth to Firebase Auth
  • How to use Firestore CRUD actions and Realtime Database listeners in Bubble workflows
  • When to use the API Connector instead of the plugin for advanced Firebase Admin SDK operations
Book a free consultation
4.9Clutch rating
600+Happy partners
17+Countries served
190+Team members
Intermediate18 min read1–2 hoursDatabase & BackendLast updated July 2026RapidDev Engineering Team
TL;DR

Connect Bubble to Firebase using the Zeroqode Firebase plugin — a paid marketplace plugin that wraps the Firebase JS SDK and exposes Firestore CRUD, Realtime Database listeners, and Firebase Auth directly as Bubble workflow actions. The critical difference from other platforms: Firestore Security Rules are enforced, not bypassed, so Bubble users must sign into Firebase Auth separately for rules to evaluate correctly.

Quick facts about this guide
FactValue
ToolFirebase
CategoryDatabase & Backend
MethodBubble Plugin
DifficultyIntermediate
Time required1–2 hours
Last updatedJuly 2026

Bubble + Firebase: Plugin-Based, Rules-Enforced

Firebase's integration with Bubble is notable for two reasons: there's a purpose-built plugin that makes the setup significantly easier than a raw API Connector approach, and the auth model creates a specific gotcha that catches many Bubble founders off guard.

The Zeroqode Firebase plugin initializes Firebase in the browser using your project's client configuration — a set of keys (apiKey, authDomain, projectId, etc.) that are intentionally designed to be client-visible. Unlike AWS IAM secrets or Stripe secret keys, Firebase client config keys are safe to use in plugin settings. The security boundary in Firebase is not the config keys themselves but the Firestore Security Rules and Firebase Auth state.

This is where Bubble-Firebase integrations commonly break: Firestore Security Rules evaluate `request.auth` — the Firebase authentication state of the current user. When a Bubble user logs in using Bubble's native auth system, they are authenticated in Bubble but NOT in Firebase. The Firebase SDK running in the browser has no knowledge of Bubble's session. If your Firestore rules check `request.auth != null`, all Firestore reads and writes from the plugin will silently fail — returning empty results or errors — because the Firebase SDK treats the user as unauthenticated.

The solution is to bridge Bubble's login to Firebase Auth: after a user signs in through Bubble's native system, immediately call the plugin's 'Firebase Auth: Sign In with Email and Password' action with the same credentials. This generates a Firebase ID token that the SDK uses to pass `request.auth` to Security Rules.

For production apps where storing passwords in Bubble's database is unacceptable (it always is), consider using Firebase Auth as the primary auth system and Bubble's 'Sign in with external provider' feature — but this requires more advanced setup. Most Bubble-Firebase apps use Custom Auth Tokens (generated server-side) to authenticate users in Firebase using their Bubble user ID, avoiding the dual-password problem entirely.

The Zeroqode Firebase plugin price should be verified at zeroqode.com before purchase — pricing and availability change, and the plugin requires a one-time or subscription fee on top of your Bubble subscription.

Integration method

Bubble Plugin

The Zeroqode Firebase plugin (from the Bubble Plugin Marketplace) wraps the Firebase JS SDK and provides Bubble-native workflow actions for Firestore reads/writes, Realtime Database listeners, and Firebase Auth — no API Connector configuration required for standard use cases.

Prerequisites

  • A Google account with access to the Firebase Console at console.firebase.google.com
  • A Bubble app (any plan — the Zeroqode Firebase plugin itself does not require a paid Bubble plan for client-side operations; Backend Workflows for Admin SDK calls require a paid plan)
  • A Zeroqode account and purchased/licensed Firebase plugin (verify current pricing and terms at zeroqode.com)
  • Basic understanding of Bubble workflows and data types

Step-by-step guide

1

Create a Firebase project and copy the client configuration

Go to console.firebase.google.com → click 'Add project'. Give it a name (e.g. 'my-bubble-app'). You can disable Google Analytics for the project if you don't need it — it doesn't affect Firestore or Auth functionality. Click through to create the project. Once the project is created, click the web icon `</>` on the project overview page to register a web app. Give it a nickname (e.g. 'Bubble Frontend') and click 'Register app'. Firebase will display your project's configuration object: ```javascript const firebaseConfig = { apiKey: "AIzaSyXXXXXXXXXXXXXXXXXXXXXXXXXXXX", authDomain: "your-project.firebaseapp.com", projectId: "your-project-id", storageBucket: "your-project.appspot.com", messagingSenderId: "123456789", appId: "1:123456789:web:abcdef123456" }; ``` Copy all six values. These are client-safe keys — they are designed to be used in browser code and are published in Firebase's public documentation as safe to embed in frontend apps. The security boundary is your Firestore Security Rules and Firebase Auth state, not these config keys. Next, go to the project's Build section → Firestore Database → Create database. Choose your preferred Cloud Firestore location (pick the region closest to your users). Start in test mode for initial setup — you'll tighten Security Rules in Step 4. If you're using Realtime Database instead of Firestore, go to Build → Realtime Database → Create database.

firebase-config.json
1{
2 "apiKey": "AIzaSyXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
3 "authDomain": "your-project.firebaseapp.com",
4 "projectId": "your-project-id",
5 "storageBucket": "your-project.appspot.com",
6 "messagingSenderId": "123456789",
7 "appId": "1:123456789:web:abcdef123456"
8}

Pro tip: If you're migrating from an existing Firebase project used by a mobile app, do NOT create a new project — register the new web app in the existing project. Firestore data is shared across all apps in the same Firebase project.

Expected result: Firebase project created with Firestore (or Realtime Database) enabled. You have the six client configuration values ready to paste into the Bubble plugin settings.

2

Enable Firebase Authentication

Still in the Firebase Console, go to Build → Authentication → Get started. On the Sign-in method tab, enable the providers your Bubble app will use. At minimum, enable 'Email/Password' — this is what you'll use to bridge Bubble's native auth to Firebase Auth in Step 5. Click 'Email/Password' → Enable the first toggle (Email/Password sign-in) → Save. If you want Google Sign-In, click Google → Enable → add your project's support email → Save. For Google Sign-In to work from your Bubble domain, you also need to add your domain to the authorized domains list: Authentication → Settings tab → Authorized domains → Add domain → enter `yourapp.bubbleapps.io` and any custom domain you've connected. For test mode, you can also manually create a test user in Authentication → Users tab → Add user. This is helpful for testing Security Rules before connecting Bubble — you can verify that reads/writes work when authenticated before introducing the Bubble workflow layer.

Pro tip: When you enable Google Sign-In, Firebase automatically adds `your-project.firebaseapp.com` as an authorized OAuth domain. Add your Bubble app's production domain (and your custom domain if applicable) so Google's OAuth flow redirects back to the correct URL after sign-in.

Expected result: Firebase Authentication is enabled with Email/Password as a sign-in provider. Your Bubble app's domain is listed under Authorized domains. A test user has been created in the Firebase Console for testing.

3

Install and configure the Zeroqode Firebase plugin in Bubble

In your Bubble app, go to the Plugins tab in the left sidebar → click 'Add plugins'. In the search bar, type 'Firebase'. You'll see the Zeroqode Firebase plugin in the results. Click it to view the details — check the current price on zeroqode.com before purchasing, as pricing and licensing terms change. Install the plugin. After installation, click on the Zeroqode Firebase plugin in your Plugins list. You'll see configuration fields for your Firebase project. Fill in the six values from Step 1: - **API Key**: your `apiKey` value - **Auth Domain**: your `authDomain` value - **Project ID**: your `projectId` value - **Storage Bucket**: your `storageBucket` value (required if using Firebase Storage) - **Messaging Sender ID**: your `messagingSenderId` value - **App ID**: your `appId` value Do NOT mark these as private — they are intentionally client-visible keys. The Zeroqode plugin handles Firebase SDK initialization on page load once these values are configured. After saving the plugin settings, add a workflow on your main page (or a shared Header reusable element): Page is loaded → Plugin → Zeroqode Firebase → Initialize Firebase. This action must run before any other Firebase actions on the page. If you have multiple pages that use Firebase, add this initialization action to each page's 'Page is loaded' event, or use a Header reusable element that appears on all pages.

Pro tip: If you see the error 'Firebase: Firebase App named [DEFAULT] already exists' in the browser console, it means the Initialize Firebase action is being called multiple times on the same page load. Add a condition to the initialization workflow: 'Only when Firebase is not initialized' — the plugin exposes a state for this.

Expected result: The Zeroqode Firebase plugin is installed and configured with your project's client keys. The 'Initialize Firebase' action is added to the page load workflow. Firebase actions now appear in the Bubble workflow action picker under 'Plugins'.

4

Set up Firestore Security Rules

In the Firebase Console → Firestore Database → Rules tab, you'll see the current rules. Test mode rules allow all reads and writes for 30 days — never use these in production. Replace them with rules appropriate for your app. For a basic app where logged-in Bubble users can only read and write their own documents: ``` rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { // Users can only read/write their own profile match /users/{userId} { allow read, write: if request.auth != null && request.auth.uid == userId; } // Authenticated users can read shared content match /content/{docId} { allow read: if request.auth != null; allow write: if false; // Only admins via Backend Workflow } } } ``` Click Publish. These rules are now live — any Firestore operation from the Bubble plugin will be evaluated against them. Important: these rules check `request.auth.uid` — the Firebase Authentication UID of the currently signed-in Firebase user. Bubble's native auth session has no connection to `request.auth`. Until you bridge Bubble's login to Firebase Auth in the next step, all reads/writes from the plugin will fail with 'Missing or insufficient permissions' if your rules require authentication.

firestore.rules
1rules_version = '2';
2service cloud.firestore {
3 match /databases/{database}/documents {
4 match /users/{userId} {
5 allow read, write: if request.auth != null && request.auth.uid == userId;
6 }
7 match /content/{docId} {
8 allow read: if request.auth != null;
9 allow write: if false;
10 }
11 }
12}

Pro tip: Use the Firebase Console's Rules Playground to test your Security Rules before deploying them. You can simulate authenticated and unauthenticated reads/writes against specific document paths to verify your rules work as intended without making real Bubble workflow changes.

Expected result: Firestore Security Rules are published. The database no longer allows unauthenticated access. You understand that Bubble's login session must be bridged to Firebase Auth for the rules to evaluate correctly.

5

Bridge Bubble auth to Firebase Auth

This step solves the #1 Bubble-Firebase integration problem. After a user signs in or signs up in Bubble using Bubble's native auth, you must also sign them into Firebase Auth so the Firebase SDK has an authenticated session for Security Rules. In your Bubble Sign Up workflow (or Log In workflow), after the Bubble sign-up/sign-in action completes, add the following plugin action: Plugins → Zeroqode Firebase → Firebase Auth: Sign In with Email and Password. Map the parameters: - **Email**: Current User's email - **Password**: the password input element's value (this is available right after sign-up but NOT after subsequent page loads) For subsequent page loads (when a user returns to your app), you need a different approach. The Firebase SDK persists auth state in local storage — if the user previously signed in during the same browser session (or enabled 'Remember me' in Firebase Auth), the SDK automatically restores the session on page load. Add a workflow: Page is loaded → Plugins → Firebase: Check Auth State → if user is not signed in AND Bubble user is logged in → redirect to login or trigger re-authentication. For production apps where you cannot pass passwords around after sign-up, the cleaner solution is Firebase Custom Auth Tokens: a server-side Backend Workflow calls the Firebase Admin REST API to generate a custom token for the current Bubble user's UID, then the plugin signs in using that custom token. This approach doesn't require storing or re-sending passwords — it uses cryptographic token exchange instead. RapidDev's team has built this custom token bridge pattern multiple times — book a free scoping call at rapidevelopers.com/contact if you'd like guidance on the right auth architecture for your use case.

Pro tip: Add an 'Alert' action in the workflow after the Firebase sign-in step for debugging: display the plugin's 'Current Firebase User UID' state. If it shows a UID, auth bridging worked. If it shows empty, the Firebase sign-in failed silently — check the browser console for Firebase Auth error codes.

Expected result: When a user signs in through Bubble's native login, they are also signed in to Firebase Auth. The Firebase SDK now has an authenticated session, and Firestore reads/writes that check request.auth will succeed according to your Security Rules.

6

Use Firestore CRUD actions in Bubble workflows

Now that Firebase is initialized and auth is bridged, you can use the plugin's Firestore actions in any Bubble workflow. Here are the most common patterns: **Reading a Firestore collection into a Repeating Group**: In the Bubble workflow editor, add action: Plugins → Firebase → Get Firestore Collection. Set the collection path (e.g. `/tasks`), and optionally a where clause (e.g. `userId == Current Firebase User's UID`). The plugin stores the results in a plugin-specific state variable. Add a condition on your Repeating Group's data source: use the plugin's state for the collection data, with the field names matching your Firestore document structure. **Creating a Firestore document**: Add action: Plugins → Firebase → Create Firestore Document. Set the collection path (e.g. `/tasks`), and the document data as a JSON object with your field values. The plugin auto-generates a document ID, or you can specify one. **Real-time Realtime Database listener**: For live-updating data, use Plugins → Firebase → Listen to Realtime Database. Set the path (e.g. `/presence/{userId}`). The plugin updates its state whenever the data at that path changes, which triggers Bubble's reactive data bindings to update the UI without a page refresh. **Cleanup**: Call the plugin's 'Remove Realtime Database Listener' action when the page is no longer visible (use Bubble's 'Page will be destroyed' event on single-page apps) to prevent memory leaks from orphaned listeners. Always test Firestore operations in Bubble's preview (Test mode) before deploying — the Bubble preview runs on HTTPS, which Firebase Auth requires. Check the Firebase Console → Firestore Database → Data tab to confirm documents are being created and updated as expected.

Pro tip: If you hit the Spark free tier's 50K reads/day limit, Firestore queries return empty results without a clear error in Bubble. Monitor your Firestore usage in the Firebase Console → Usage tab. If you're regularly hitting limits, consider caching frequently-read Firestore data in Bubble's native database (updated by a scheduled Bubble workflow) instead of reading from Firestore on every page load.

Expected result: Firestore CRUD operations work correctly from Bubble workflows. Data appears in your Bubble repeating groups and is reflected in the Firebase Console. Real-time listeners update the UI without page refresh when database values change.

Common use cases

Real-time collaborative dashboard

Build a Bubble app where multiple users see live updates — a project management board, a shared inbox, or a live order tracking screen — using Firebase Realtime Database listeners. When one user updates a record, all other users' screens update within milliseconds without a page refresh.

Bubble Prompt

Add a Realtime Database listener on the Bubble page's 'Page is loaded' event that listens to '/orders/{userId}' and updates a repeating group in real time as orders change status, using the Zeroqode Firebase plugin's 'Listen to Realtime Database' action.

Copy this prompt to try it in Bubble

Google Sign-In for Bubble apps

Implement 'Sign in with Google' on a Bubble web app using Firebase Auth's Google OAuth provider. The plugin handles the OAuth popup flow in the browser and returns a Firebase ID token that identifies the user, bypassing the need to set up OAuth redirect URIs in Google Cloud Console manually.

Bubble Prompt

On the Login page, add a 'Sign in with Google' button that triggers the Firebase plugin's 'Firebase Auth: Sign In with Google' action, then creates or updates a Bubble User record with the returned email and Firebase UID.

Copy this prompt to try it in Bubble

Mobile app backend exposed in Bubble

If your team already has a Firebase/Firestore backend powering an iOS or Android app, use the Bubble integration to build an admin portal, a partner portal, or a customer web app on top of the same data — without migrating or duplicating it. Firestore Security Rules control what each user type can read and write.

Bubble Prompt

Build a Bubble admin portal that reads from the 'products' Firestore collection (authenticated with a Firebase service account via a Backend Workflow), displays records in a repeating group, and allows inline editing that writes back to Firestore using the plugin's Update Document action.

Copy this prompt to try it in Bubble

Troubleshooting

Firestore reads return empty results or a 'Missing or insufficient permissions' error even though the collection has data

Cause: The Bubble user is logged in via Bubble's native auth but has NOT signed into Firebase Auth via the plugin. Firestore Security Rules that check `request.auth != null` see an unauthenticated Firebase SDK session and block the query.

Solution: Check that your page load workflow or sign-in workflow calls the Zeroqode Firebase plugin's 'Firebase Auth: Sign In' action after the Bubble sign-in. In the browser's developer console, look for Firebase Auth state — the plugin usually logs the current user UID. If `request.auth` is null in your Security Rules, bridge the auth as described in Step 5. For immediate debugging, temporarily set Firestore rules to allow all reads: `allow read: if true;` — if data appears, the issue is confirmed to be auth-related.

The Firebase Initialize action causes 'Firebase App named [DEFAULT] already exists' console errors

Cause: The 'Initialize Firebase' plugin action is being called more than once on the same page — for example, from both a page load workflow and a reusable header element, or when a workflow re-runs on state changes.

Solution: Add a condition to the 'Initialize Firebase' workflow step: only run 'When Firebase: Firebase is initialized is no'. The plugin exposes an 'Is initialized' boolean state you can check. Alternatively, move the initialization to a single shared location — a reusable Header element that appears on all pages — and remove it from individual page workflows.

Firestore writes fail silently — the workflow completes without error but the document doesn't appear in the Firebase Console

Cause: Firestore Security Rules are blocking the write operation without returning an explicit error to Bubble. This commonly happens when the write rule checks `request.auth.uid == resource.data.userId` but the document doesn't have a `userId` field, or when the field value doesn't match the authenticated user's UID.

Solution: Use the Firebase Console's Rules Playground to simulate the exact write your Bubble workflow is attempting, with the authenticated user's UID. Check the 'Evaluation' panel for which rule is denying the request. Temporarily enable Firestore logging in the Firebase Console to see rejected write attempts in real time while testing.

Blaze plan Firebase charges are higher than expected

Cause: Firebase Blaze (pay-as-you-go) has no default spending cap. Realtime Database listeners and Firestore reads/writes per page load can add up quickly, especially for apps with many simultaneous users.

Solution: Set a Google Cloud budget alert immediately after switching to Blaze. In the Google Cloud Console → Billing → Budgets & alerts → Create budget. Set an amount at your comfort threshold and add alert thresholds at 50%, 90%, and 100%. Also review your Firestore read patterns — if a repeating group triggers one Firestore read per row, multiply that by your daily active users to estimate read volume.

Firestore queries return empty results after hitting a quota limit mid-day on the Spark free plan

Cause: The Spark free tier includes 50K Firestore reads per day, reset at midnight Pacific time. Hitting this limit causes queries to silently return empty results rather than an explicit error.

Solution: Monitor your daily Firestore usage in the Firebase Console → Project overview → Usage and billing. If you're regularly hitting the 50K reads limit, upgrade to the Blaze plan (pay-as-you-go with a budget alert) or implement Bubble-side caching: use a scheduled Bubble workflow that reads from Firestore once every 5-10 minutes and stores results in Bubble's native database, then display from Bubble's database instead of querying Firestore on every user page load.

Best practices

  • Always bridge Bubble's native auth to Firebase Auth in the sign-in/sign-up workflow. Firestore Security Rules use Firebase Auth state, not Bubble's session — unauthenticated Firebase SDK sessions will be blocked by any production-ready rules.
  • Start with Firestore Security Rules in test mode (all access allowed) for initial development, then immediately tighten rules before any real user data is added. Never deploy to production with `allow read, write: if true;` rules.
  • Set a Google Cloud billing alert before enabling Firebase Blaze features. There is no default spending cap — real charges can accumulate from Cloud Functions, Firestore writes, or Storage egress without warning.
  • Use Firestore for structured, queryable data (user profiles, orders, content) and Realtime Database for ephemeral state that needs real-time sync (presence indicators, live chat, collaborative cursors). They serve different use cases within the same Firebase project.
  • Clean up Realtime Database listeners when they are no longer needed. Use Bubble's 'Page will be destroyed' event or a page-specific 'This workflow runs when...' condition to call the plugin's 'Remove Listener' action. Orphaned listeners consume Realtime Database bandwidth and can cause stale data display.
  • For write operations, add Bubble privacy rules on any data type that mirrors Firestore data into Bubble's native database. Both layers of rules (Firebase Security Rules + Bubble privacy rules) provide defense in depth.
  • Monitor the Spark free tier limits (50K reads/day, 20K writes/day for Firestore) in the Firebase Console Usage tab. Build caching patterns in Bubble for frequently-read data to stay within limits on the free tier.
  • Verify Zeroqode plugin pricing and licensing terms at zeroqode.com before starting a project — plugin prices and availability can change. Factor the plugin cost into your app's infrastructure budget.

Alternatives

Frequently asked questions

Do I need a paid Bubble plan to use the Zeroqode Firebase plugin?

No — for client-side Firestore reads/writes and Firebase Auth actions, the Zeroqode Firebase plugin works on Bubble's free plan. The plugin runs in the browser (client-side), so it doesn't consume Bubble server-side WUs or require Backend Workflows. However, if you need Admin SDK operations (bypassing Security Rules, sending FCM notifications, managing users in bulk), those require Bubble Backend Workflows, which are a paid-plan feature.

Can I use Firebase without the Zeroqode plugin, just with Bubble's API Connector?

Yes, but it's significantly more work. The Firestore REST API (v1) and Firebase Auth REST API can both be called from Bubble's API Connector. For read-only public data, this works fine. For authenticated operations, you'd need to handle Firebase ID token generation manually and pass it in the Authorization header. The Zeroqode plugin handles all of this automatically, which is why it's the standard approach despite the cost.

What happens when Bubble users are NOT signed into Firebase Auth?

Any Firestore Security Rule that checks `request.auth != null` will deny the operation. Firestore returns a 'Missing or insufficient permissions' error, and the plugin's state for the query result will be empty. Bubble doesn't surface this as a visible error by default — the UI just shows empty data. Always bridge Bubble's login to Firebase Auth (Step 5) and test with the Firebase Console's Rules Playground to verify your rules work correctly with authenticated sessions.

How does Firebase Blaze pricing work and can I get unexpectedly large bills?

Yes — Firebase Blaze (pay-as-you-go) has NO default spending cap. Every Firestore read, write, and delete costs money above the free tier allotments. A poorly optimized Bubble app that reads 10 Firestore documents per page load × 1,000 daily page views = 10,000 reads/day, which exceeds the Spark free tier (50K reads/day) quickly at scale. Always set a Google Cloud billing alert immediately after enabling Blaze. The Firebase Console's Usage tab shows real-time consumption data.

Can I connect Bubble to an existing Firebase project used by my mobile app?

Yes, and this is a common use case. Register your Bubble app as an additional web app in the existing Firebase project — go to Project Settings → General → Your apps → Add app. Use the same Firestore database and Security Rules. Keep in mind that Security Rules are shared across all apps in the project, so any rule changes you make for Bubble will also affect your mobile app's data access.

RapidDev

Talk to an Expert

Our team has built 600+ apps. Get personalized help with your project.

Book a free consultation

Integrations are where projects stall

We wire Bubble integrations like this one every week — auth, webhooks, edge cases included. Fixed-price builds from $13K, delivered in 6–10 weeks.

Talk to an integration engineer

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.