Update: The Firebase office is now located at 22 4th Street. See our contact page for details.
Last week Firebase moved into our new home at 188 King St in San Francisco. It's only a stone's throw away from our old office at 153 Townsend St, but it gives us a place to call our own and the room to expand that we'll need in 2013.
The space itself is a lofted apartment. It is zoned as both residential and commercial. This means we share the building with other startups, like Famo.us, Threadflip and Filepicker, and with private residents.
We're located across the street from AT&T Park, home of San Francisco's baseball team, the Giants.
The main floor is where we get the bulk of our work done.
It's great for collaboration and the high ceilings give it a great open feel. The view isn't too bad either:
We've put couches in the lofted section of the apartment and have covered the back wall with Idea Paint:
We're continuing our tradition of office hours every Friday from 4-6pm. Feel free to drop by and see our new home!
Today we’re excited to announce that we’re opening the Firebase Beta to all developers.Anyone can now create an account and begin building real-time apps in minutes.
For those unfamiliar with us, Firebase is a scalable, real-time backend. It helps developersbuild apps quickly by eliminating the hassle of data synchronization and server concerns.Here’s a 2 minute overview:
When we announced Firebase last April in an invite-only beta, it was still a young product.
Today, Firebase is a far more mature, battle-hardened product. We provide real-time data for hundreds of live apps,from sweet-and-simple apps like Scratchpad.io to major internet brandslike Twitch and Klout.
We are already synchronizing data for tens of millions of unique users every month;our infrastructure is powerful, reliable, redundant, and monitored.We’ve made major strides with our developer-facing pieces as well — adding SSL, authentication,a powerful Security API, a slew of new and improved API functions, and a large and growing library ofdocs, examples, and integrations. Our team, along with our community of developers, has grown as well.
As a result, we’re finally ready to open the Firebase gates — so go ahead,click “Sign Up” in the upper right and get started on your app.
So what can you do with the power of Firebase? Let’s ask one of our users! Meet Riley Dutton, one of the founders of Roll20:
You can read the full Roll20 case study here or check out our cases studies onSimTable and Wordspot.
Our goal with Firebase is to help developers build better apps faster. If you’d like to give us a shot,check out our 5 minute tutorial. We can’t wait to see what you build!
We’re constantly working to improve the security of Firebase-powered apps. To this end, starting on February 4th, we will be requiring that all Firebase database traffic uses SSL.
The following changes will take effect on February 4th:
To prepare for this switch, you must ensure that all Firebase database references in your apps begin with “https://”. This is especially important for apps that use the REST API or Node.js client, as they will no longer work after the switch is made.
We are making this change because we believe your data should be encrypted by default. This has become standard practice for leading technology products like Gmail, Facebook and Twitter, and we think it’s important for every Firebase app as well. By requiring SSL (and no longer supporting unencrypted traffic) we’re protecting developers from accidentally exposing their users’ private data.
Thanks for building your app with us and we look forward to serving you over the coming years. As always, comments and feedback are welcome.
When we launched in April, it was immediately clear that developers loved accessing their data directly from client-side JavaScript. Many people wondered, however, if data could ever be secured without running server-side code. “How do I secure my app?” was our most asked question.
We wanted to answer this right away, but security is so important that we didn’t want to announce anything until it was solid. Our requirements were clear: keep all of the parts that people love about Firebase -- real-time updates, easy development, scaling -- while adding enterprise-grade security. We've tested multiple approaches (with our awesome beta testers) and written a lot of code, and we're finally ready to show you our Security API.
We’re excited to say that not only have we met our requirements, but we believe we've built the most flexible security model of any cloud data service.
Watch our screencast for an overview:
The Big Picture
Building real-time apps is hard and scaling them is even harder. Firebase takes care of these complexities for you and lets you focus on building your app. Our new security model lets you build secure apps where clients talk directly to Firebase. This means that for many apps, you don’t need to write any server code, and it even makes running your own servers optional.
The Security API
The Firebase Security API consists of two key pieces:
1. Authentication
The authentication API lets you tell Firebase who a user is. We've designed this API to give you maximum flexibility, and we provide 3 easy methods for authenticating:
Update (October 3, 2014): Firebase Simple Login has been deprecated and is now part of the core Firebase library. Use these links to find the updated documentation for the web, iOS, and Android clients.
2. Security & Rules
Security and Firebase Rules tell Firebase which operations are permitted for a specific user. You upload these rules to Firebase when you deploy your app, and we enforce them consistently whenever data is accessed.
The rules are where the new API shines.
The rules themselves are simple JavaScript-like expressions. This means that you don't have to learn a new language to write them. They are also extremely flexible: you can compose your expressions using data already in a Firebase database, incoming data, auth credentials, current server time, and more.
Rules are stored as JSON on the Firebase servers. You can upload and edit them directly from our freshly redesigned graphical debugger, now called Forge:
Rules come in three flavors: read and write rules allow or deny operations when reading or writing, and validate rules enforce a specific schema on your data.
Below is an example set of rules. These rules were written for a website with user accounts, where anyone can read data, but users may only edit their own profiles. The rules also ensure that user data conforms to a specific schema:
{ "rules": { "users": { "$user": { ".read": "true", ".write": "$user == auth.username", ".validate": "newData.hasChildren([name])", "name": { ".validate": "newData.hasChildren([first, last])", }, "age": { ".validate": "newData.isNumber() && newData.val() >= 0" }, "about_me": { ".validate": "newData.isString()" } } } } }
The Firebase rules language is designed for performance and scale; its expression-based rules provides fast, predictable execution times and allow Firebase to optimize and cache the results of those expressions.
An important benefit of the Firebase security model is that it places all of your security logic in one place rather than sprinkling it around your code. Firebase then ensures that your logic is enforced consistently across all parts of your app, regardless of how data is accessed. This makes it very easy to reason about your app's security or do formal security audits. The rules also allow for static analysis, so mistakes can be caught immediately when new rules are uploaded.
For more rules details, see our documentation.
Implementation Details
When it comes to security, details matter, so we’ve taken great care with the little things. Specifically, Firebase:
(The list is actually much longer, but hopefully you get the idea). Our goal is to take care of all of the complex but mundane details of securing your app so that you can focus on your application logic and your customers (rather than, say, reading about the latest hash function vulnerabilities).
More Goodies
Security is not the only thing we’re announcing today! We’re also launching:
Wrapping Up
We're really excited to show you our security features. The whole team has put an incredible amount of work into making them easy-to-understand and easy-to- use, qualities we strive for in everything we release. We hope you will use these new features and give feedback to help us improve. If you don't have a beta code yet, you can request one here. Also look out for our public beta launch soon.
Here are some resources you can use to get started:
Now go and build something awesome!
Enjoy the holidays and happy coding,
The entire Firebase team was at AngelHack (silicon valley edition), hosted at the PayPal headquarters (a wonderful venue) in San Jose last weekend, and we had a blast! The event was well attended - we had printed over 400 beta invites and ran out in only an hour (we emailed codes to those who needed them later through the day). The morning of the first day was mostly used to let people recruit participants, organize teams and their ideas. We also had presentations by each of the sponsors (including Firebase), highlighting what they offered and how they could help everyone build their hacks.
We setup our (nice looking, I might add) booth and had some of the crew head out and offer help to all the teams, who were just getting started with some early ideas and designs. Later in the evening, we conducted a breakout session to answer questions and help everyone who had decided to use Firebase for their hack. Andrew Lee, our co-founder, stayed at the venue overnight to continue helping!
There were 85 hacks submitted to hackathon.io (a platform for organizing great hackathons, powered by Firebase!) at the end of the 2-day event. After all the teams got a chance to present, 4 were picked as finalists to go on to the next round, including Rohan Pai who built an amazing tool called FireMap that uses Firebase to generate real-time heatmaps for any website so you can observe your user's behavior. Congratulations Rohan!
Of the 85 submissions, 57 teams used one or more APIs to help build their hack. We're very proud that 25 teams ended up using Firebase to power some aspect of their hack, making us the #1 API used at the hackathon! As a token of our appreciation, every team that used Firebase received a fun lego set, and the top two teams both got an iPad mini each.
The first iPad went to the Reboxed team (along with a glamorous trophy), who built a very useful hack that lets you re-purpose your old phone to act as a sensor, so that you can, for example, attach a smoke detector and setup an alert that will send you an SMS or an email.
The second iPad went to the LevelUp team, who made a great a fitness app that acts as your personal trainer, suggesting exercises and motivating you to do more of them!
Filepicker.io, KeenIO, and Singly were some of the other popular APIs being used by the hackathon participants. API providers are certainly gaining wider adoption amongst the developer community, especially at a hackathon, where using something like Firebase lets you focus on what's really important - your product - instead of having to worry about the not-so-easy task of building a back-end to power it.
We had a great time, and are already looking forward to our next event!
