Skip to main content
RapidDev - Software Development Agency
flutterflow-integrationsFlutterFlow Native Integration

Firebase

Connect FlutterFlow to Firebase using the built-in native Firebase integration — open the Firebase menu in the left toolbar, sign in with your Google account, and let FlutterFlow auto-generate the config files. Then toggle on Authentication, Firestore, Storage, and Cloud Functions as needed. The Cloud Functions service is the critical piece for any integration that needs a secret API key kept off the client.

What you'll learn

  • How to link a Firebase project to FlutterFlow and auto-generate both platform config files
  • How to enable Firebase Authentication and configure login providers
  • How to decide which Firebase services to turn on (Firestore vs Realtime DB, Storage, Cloud Functions)
  • How to use Cloud Functions as a secure proxy for third-party API keys
  • The top launch mistakes (open Security Rules, missing APNs key, no budget alert on Blaze)
Book a free consultation
4.9Clutch rating
600+Happy partners
17+Countries served
190+Team members
Beginner14 min read25 minutesDatabase & BackendLast updated July 2026RapidDev Engineering Team
TL;DR

Connect FlutterFlow to Firebase using the built-in native Firebase integration — open the Firebase menu in the left toolbar, sign in with your Google account, and let FlutterFlow auto-generate the config files. Then toggle on Authentication, Firestore, Storage, and Cloud Functions as needed. The Cloud Functions service is the critical piece for any integration that needs a secret API key kept off the client.

Quick facts about this guide
FactValue
ToolFirebase
CategoryDatabase & Backend
MethodFlutterFlow Native Integration
DifficultyBeginner
Time required25 minutes
Last updatedJuly 2026

Firebase Is FlutterFlow's Default Backend — Here's the Full Setup

If you are building with FlutterFlow, Firebase is not just one option among many — it is the native backend the platform was designed around. Firestore is the default database, Firebase Auth is the built-in login system, and Cloud Functions are how you run server-side code without standing up your own server. FlutterFlow's Firebase panel handles the entire setup ceremony: connecting your Google account, selecting the project, and generating the platform-specific config files that the Firebase SDK needs to initialize.

The setup decision that matters most is which Firebase services to enable. For most FlutterFlow apps, the combination is: Authentication (so users can log in) + Firestore (so data persists and syncs in real time) + Storage (if users upload photos or files). Cloud Functions become necessary the moment you need to call a third-party API that has a secret key — the Functions hold the secret server-side and FlutterFlow calls the Function from the app, never exposing the key in the compiled code. This is the correct pattern for Stripe, OpenAI, SendGrid, and any other service whose key must stay private.

Firebase pricing starts on the Spark free tier, which is generous enough for most early-stage apps. Enabling phone authentication SMS or any paid service requires upgrading to the Blaze pay-as-you-go plan. Blaze has no default spending cap — set a budget alert in Google Cloud console the moment you upgrade, because a misconfigured listener or a burst of traffic can generate real charges with no automatic cutoff.

Integration method

FlutterFlow Native Integration

FlutterFlow has a first-class Firebase integration built directly into the editor. A single click on the Firebase menu lets you connect a Google project, auto-generate both platform config files (google-services.json for Android, GoogleService-Info.plist for iOS), and toggle individual Firebase services on or off without touching any configuration files manually. The integration handles SDK wiring, route guards for Authentication, and the Call Cloud Function action for server-side logic.

Prerequisites

  • A FlutterFlow project (any plan)
  • A Google account with Owner or Editor access to the Firebase project you want to connect
  • A Firebase project created at console.firebase.google.com (FlutterFlow can guide you to create one if needed)
  • For Cloud Functions: the Firebase project must be on the Blaze pay-as-you-go plan (Cloud Functions are not available on Spark)
  • For iOS push notifications (APNs): an Apple Developer account and an APNs authentication key or certificate uploaded to Firebase

Step-by-step guide

1

Open the Firebase panel and connect your Google project

In your FlutterFlow project, find the Firebase flame icon in the left navigation toolbar and click it. This opens the Firebase integration panel. Click 'Connect' and sign in with the Google account that has Owner or Editor access to your Firebase project — Viewer access will fail silently when FlutterFlow tries to generate config files. FlutterFlow fetches a list of all Firebase projects under that account. Click the project you want to use. If you do not have a project yet, open a new browser tab, go to console.firebase.google.com, click 'Add Project,' follow the three-step wizard, then come back to FlutterFlow and refresh the project list. Once you select the project, click 'Auto-generate Config Files.' FlutterFlow calls the Firebase Management API and downloads google-services.json (for Android) and GoogleService-Info.plist (for iOS), embedding them in your build automatically. A green 'Connected' indicator appears in the panel when this succeeds. You should also see the list of Firebase services you can enable become active.

Pro tip: Only one Google account can be the project owner in FlutterFlow at a time. If your team uses a shared Firebase project, make sure the account you are connecting with has at least Editor access in the Firebase console under Project Settings → Users and Permissions.

Expected result: The Firebase panel shows a green 'Connected' badge and all service toggle options (Authentication, Firestore, Storage, Cloud Functions) become clickable.

2

Enable Authentication and configure login providers

In the Firebase panel, click 'Authentication.' FlutterFlow opens an Auth setup wizard. First, enable the login providers your app needs: toggle on Email/Password for the most common case. If you want Google Sign-In, toggle it on — FlutterFlow adds the required dependency and configuration automatically. For Apple Sign-In (required on iOS for apps that use third-party login), toggle it on and note that you will need to configure the Sign in with Apple capability in your Apple Developer account. For phone OTP (SMS) authentication, be aware that this requires the Blaze plan because Google charges for SMS delivery. Once you choose your providers, the wizard generates a login page and a signup page in your FlutterFlow project and wires them together with route logic. It also creates a 'Logged In' conditional that you can attach to any page to redirect unauthenticated users to login. The current authenticated user's data (UID, email, display name) becomes available as a global variable throughout your app under 'currentUserReference' and 'currentUserData.'

Pro tip: For iOS builds that include any third-party login (Google, Facebook, etc.), Apple's App Store policy requires you to also offer Sign in with Apple. Add it now to avoid rejection during App Store review.

Expected result: FlutterFlow creates login and signup pages in your project. The Authentication tab in Firebase console shows your enabled providers. In Run mode, you can create a test account and see it appear in the Firebase console under Authentication → Users.

3

Enable Firestore, Storage, and set Security Rules

Back in the Firebase panel in FlutterFlow, click 'Firestore' to enable the database. Choose a region (pick one geographically close to your primary users — you cannot change the region after creation). This activates the Firestore schema editor where you can define your data structure (see the dedicated Firestore integration page for the full schema setup walkthrough). Click 'Storage' to enable Firebase Storage for file and media uploads. Both Firestore and Storage start with test-mode Security Rules that expire after 30 days and leave your data world-readable until then. Go to the 'Firestore Settings' tab in FlutterFlow (or directly in the Firebase console under Firestore → Rules) and replace the test-mode rule with auth-based rules before you share the app. A minimal safe rule: `allow read, write: if request.auth != null;` restricts access to logged-in users. For per-user data isolation, check the Firestore-specific page in this content library for the full rule pattern using request.auth.uid. For Storage, set a similar rule under Firebase console → Storage → Rules. These two Security Rules steps are the most common launch mistake — do not skip them.

firebase.rules
1// Minimal Firestore rule — logged-in users only
2rules_version = '2';
3service cloud.firestore {
4 match /databases/{database}/documents {
5 match /{document=**} {
6 allow read, write: if request.auth != null;
7 }
8 }
9}
10
11// Minimal Storage rule — logged-in users only
12rules_version = '2';
13service firebase.storage {
14 match /b/{bucket}/o {
15 match /{allPaths=**} {
16 allow read, write: if request.auth != null;
17 }
18 }
19}

Pro tip: Replacing open test-mode rules with auth-based rules is one step; the next is per-document ownership rules. See the google-cloud-firestore integration page on this site for the full pattern.

Expected result: The Firebase console shows Firestore and Storage both active with your updated Security Rules deployed. The Rules Playground confirms an unauthenticated read is denied.

4

Deploy a Cloud Function to proxy secret-key API calls

Any time your app needs to call a third-party service that has a secret API key — Stripe secret key, OpenAI API key, SendGrid API key, etc. — you must never place that key in your FlutterFlow project. FlutterFlow compiles to a client app, and any value you store in an API Call header or a Dart constant is shipped to every user's device. The solution is a Firebase Cloud Function. In the Firebase console, go to Functions and click 'Get Started.' You will write the Function in Node.js (JavaScript) using the Firebase Functions SDK. Create an HTTPS callable function that accepts a request from your app, uses the secret key from the function's environment (set via `firebase functions:config:set` or through the Firebase console's 'Secret Manager' integration), calls the third-party API, and returns the result. Back in FlutterFlow, add a button action: Action Flow Editor → + Add Action → Backend/Database → Call Cloud Function. Select the function name, pass any parameters your function needs, and handle the response. This pattern means the secret key lives only inside Google's infrastructure, never in the compiled app.

index.js
1// Firebase Cloud Function — secure proxy for a secret API key
2// Deploy via Firebase console → Functions or Firebase CLI
3const functions = require('firebase-functions');
4const fetch = require('node-fetch');
5
6exports.callSecretApi = functions.https.onCall(async (data, context) => {
7 // Reject unauthenticated calls
8 if (!context.auth) {
9 throw new functions.https.HttpsError(
10 'unauthenticated',
11 'You must be logged in to call this function.'
12 );
13 }
14
15 // Secret key from Firebase environment config — never hardcoded
16 const apiKey = process.env.SECRET_API_KEY;
17 const userInput = data.inputText;
18
19 const response = await fetch('https://api.example.com/endpoint', {
20 method: 'POST',
21 headers: {
22 'Authorization': `Bearer ${apiKey}`,
23 'Content-Type': 'application/json'
24 },
25 body: JSON.stringify({ input: userInput })
26 });
27
28 const result = await response.json();
29 return { output: result.data };
30});

Pro tip: Cloud Functions require the Blaze plan. The free tier of Cloud Functions (1M invocations/month) is generous, but upgrade from Spark to Blaze and set a budget alert in Google Cloud console before enabling Functions.

Expected result: The Firebase console shows your function deployed and active. In FlutterFlow, the 'Call Cloud Function' action connects, and testing in Run mode returns the expected response without the secret key ever appearing in your FlutterFlow project.

5

Set up iOS push notifications with APNs (if using messaging)

If your app uses Firebase Cloud Messaging (FCM) for push notifications on iOS, you must upload an Apple Push Notification service (APNs) key to Firebase — FlutterFlow does not do this automatically. Go to the Firebase console → Project Settings → Cloud Messaging → Apple app configuration section. Click 'Upload' next to APNs Authentication Key. To get this key, log in to developer.apple.com, go to Certificates, Identifiers & Profiles → Keys, and create a new key with the Apple Push Notifications Service (APNs) capability enabled. Download the .p8 file. Back in Firebase, upload the .p8 file, enter your Key ID (shown in the Apple Developer portal), and your Team ID (top right of the Apple Developer portal). Without this step, push notifications will not be delivered to iOS devices even if your FlutterFlow setup looks correct. Android FCM works without this extra step — it is iOS-specific. Also make sure the Bundle ID in your FlutterFlow project settings matches the App ID registered in the Apple Developer portal exactly.

Pro tip: APNs keys are different from APNs certificates. Keys (.p8) are recommended over certificates (.p12) because they do not expire annually. If you already uploaded a certificate, you can delete it and add a key instead.

Expected result: The Firebase console shows a green checkmark under Apple app configuration → APNs Authentication Key. Test push notifications appear on an iOS device when triggered from the Firebase console's Notifications composer.

Common use cases

Mobile app with email/Google login, user profiles, and photo uploads

A FlutterFlow app uses Firebase Auth for email/password and Google Sign-In, stores user profile data in a Firestore 'users' collection, and lets users upload a profile photo to Firebase Storage. Auth state drives route guards so unauthenticated users are redirected to the login page automatically.

FlutterFlow Prompt

Build a mobile app where users sign up with email or Google, complete a profile with name and photo, and see a personalized home screen. Unauthenticated users should be redirected to the login page.

Copy this prompt to try it in FlutterFlow

App that sends transactional emails via a secret-key service using Cloud Functions

FlutterFlow calls a Firebase Cloud Function when a user completes a booking. The Cloud Function holds the SendGrid API key in environment variables and sends a confirmation email. The secret key never leaves the server. FlutterFlow triggers the Function using the 'Call Cloud Function' action in the Action Flow Editor.

FlutterFlow Prompt

When a user submits a booking form, send them a confirmation email using SendGrid. The SendGrid API key must not be visible in the app code.

Copy this prompt to try it in FlutterFlow

Real-time collaborative app with Storage for shared files

A project management FlutterFlow app stores tasks in Firestore (real-time updates across all users), lets team members upload documents to Firebase Storage, and uses Security Rules tied to project membership to control who can read or write. Cloud Functions handle notifications when new files are uploaded.

FlutterFlow Prompt

Build a team project app where members can add tasks and upload shared documents. Tasks should update live for all team members, and file uploads should be accessible only to people in the same project.

Copy this prompt to try it in FlutterFlow

Troubleshooting

Auto-generate Config Files fails silently — no google-services.json or GoogleService-Info.plist is created

Cause: The Google account used to connect FlutterFlow has Viewer-only access on the Firebase or Google Cloud project. FlutterFlow needs to call the Firebase Management API, which requires Owner or Editor permissions.

Solution: In the Firebase console, go to Project Settings → Users and Permissions and verify your account's role. If it shows Viewer, ask the project owner to upgrade your role to Editor. Then disconnect and reconnect Firebase in FlutterFlow.

Enabling phone authentication (SMS) fails with 'This project must be upgraded to enable this feature'

Cause: Phone number authentication requires Firebase to send SMS messages, which is a paid service. The project is still on the Spark free plan.

Solution: In the Firebase console, go to Project Overview → Spark plan → Upgrade to Blaze. Once upgraded, phone auth will enable. Set a Google Cloud budget alert immediately after upgrading — Blaze has no default spending cap.

iOS push notifications work in Firebase testing console but never arrive on device

Cause: The APNs key or certificate is missing, expired, or uploaded with the wrong Team ID or Key ID.

Solution: Go to Firebase console → Project Settings → Cloud Messaging → Apple app configuration. Confirm the APNs Authentication Key is uploaded. Verify the Key ID and Team ID match exactly what is in the Apple Developer portal. Re-upload the .p8 file if uncertain — keys do not expire so there is no reason to keep an old certificate.

FlutterFlow's 'Call Cloud Function' action returns an 'UNAUTHENTICATED' error even when the user is logged in

Cause: The callable function checks context.auth, but the FlutterFlow 'Call Cloud Function' action is not sending the Firebase Auth token. This can happen if Authentication was not properly set up in the FlutterFlow project.

Solution: Verify that Firebase Authentication is connected in the FlutterFlow Firebase panel and that the user is fully logged in before the action runs. In the Action Flow Editor, add a conditional before the Cloud Function call that checks Authenticated User is not null. Also confirm the function is deployed as an HTTPS callable (functions.https.onCall) not a plain HTTPS trigger (functions.https.onRequest).

Best practices

  • Connect Firebase using the 'Auto-generate Config Files' button — never manually paste google-services.json or GoogleService-Info.plist into FlutterFlow, as manual files can become stale when you rotate keys or change project settings.
  • Enable Authentication before Firestore, then write Security Rules that reference request.auth.uid — this creates a linked auth+data model that is secure by construction.
  • Upgrade to Blaze only when you need a paid feature (Cloud Functions, phone auth, heavy traffic), and set a Google Cloud budget alert with an email notification the moment you do — Blaze has no default spending cap.
  • Use Firebase Cloud Functions as the mandatory proxy for every third-party secret key — never put Stripe sk_, OpenAI API keys, or service-role tokens in FlutterFlow API Calls headers or Dart constants.
  • Replace Firestore and Storage test-mode Security Rules before sharing the app with any external users — test-mode rules expire after 30 days and leave data publicly accessible until then.
  • Upload an APNs Authentication Key (not a certificate) in Firebase Project Settings before testing iOS push notifications — failing to do this is the most common reason FCM works on Android but not iOS.
  • Store Cloud Function secrets using Firebase Secret Manager (available via the Firebase console or the Functions SDK's defineSecret) rather than environment config — Secret Manager provides audit logs and rotation support.

Alternatives

Frequently asked questions

Do I need a Firebase account or a Google Cloud account — are they the same?

Firebase is built on top of Google Cloud, and your Firebase project IS a Google Cloud project. You only need one Google account. When you create a Firebase project at console.firebase.google.com, Google automatically creates a linked GCP project. Budget alerts and IAM permissions live in the Google Cloud console; Firebase-specific features live in the Firebase console.

Which Firebase services should I enable for a standard FlutterFlow app?

For most apps: enable Authentication (users need to log in) and Firestore (your main database). Add Storage if users upload photos or files. Add Cloud Functions when you need a secret-key proxy for third-party APIs or server-side business logic. Firebase Cloud Messaging is optional — only enable it if you are building push notifications. Start minimal and add services as you need them.

Can I use both Firebase and Supabase in the same FlutterFlow project?

FlutterFlow has native panels for both Firebase and Supabase, but using both backends simultaneously in a single project leads to complexity around auth state and data sync. A common pattern is to use Firebase Auth as the primary authentication system and call a Supabase REST endpoint via API Calls for specific data needs — but it is simpler to commit to one backend per project where possible.

Why does FlutterFlow need Owner or Editor access to my Firebase project — can I use Viewer?

FlutterFlow's auto-generate feature calls the Firebase Management API to download your project's config files and enable SDK services. The Firebase Management API requires Editor or Owner permissions. Viewer access only allows reading project metadata — it cannot generate or modify config files. There is no workaround for this requirement.

What happens to my app if I hit the Spark free tier limits?

If you exceed Spark tier daily limits (for example, 50K Firestore reads per day), Firebase will throttle or block the exceeding requests for the remainder of that day. Your app will show empty data or errors until midnight Pacific Time when the quota resets. Upgrade to Blaze before you expect traffic to consistently approach those limits, and set budget alerts to keep costs predictable.

RapidDev

Talk to an Expert

Our team has built 600+ apps. Get personalized help with your project.

Book a free consultation

Integrations are where projects stall

We wire FlutterFlow integrations like this one every week — auth, webhooks, edge cases included. Fixed-price builds from $13K, delivered in 6–10 weeks.

Talk to an integration engineer

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.