Go to console

Firebase Database REST API

API Usage

You can use any Firebase Database URL as a REST endpoint. All you need to do is append .json to the end of the URL and send a request from your favorite HTTPS client.

HTTPS is required. Firebase only responds to encrypted traffic so that your data remains safe.

GET - Reading Data

Data from your Realtime Database can be read by issuing an HTTP GET request to an endpoint. The following example demonstrates how you might retrieve a user's name that you had previously stored in Realtime Database.

curl 'https://[PROJECT_ID].firebaseio.com/users/jack/name.json'

A successful request is indicated by a 200 OK HTTP status code. The response contains the data associated with the path in the GET request.

{ "first": "Jack", "last": "Sparrow" }

PUT - Writing Data

You can write data with a PUT request.

curl -X PUT -d '{ "first": "Jack", "last": "Sparrow" }' \

A successful request is indicated by a 200 OK HTTP status code. The response contains the data specified in the PUT request.

{ "first": "Jack", "last": "Sparrow" }

POST - Pushing Data

To accomplish the equivalent of the JavaScript push() method (see Lists of Data), you can issue a POST request.

curl -X POST -d '{"user_id" : "jack", "text" : "Ahoy!"}' \

A successful request is indicated by a 200 OK HTTP status code. The response contains the child name of the new data specified in the POST request.

{ "name": "-INOQPH-aV_psbk3ZXEX" }

PATCH - Updating Data

You can update specific children at a location without overwriting existing data using a PATCH request. Named children in the data being written with PATCH are overwritten, but omitted children are not deleted. This is equivalent to the JavaScript update() function.

curl -X PATCH -d '{"last":"Jones"}' \

A successful request is indicated by a 200 OK HTTP status code. The response contains the data specified in the PATCH request.

{ "last": "Jones" }

DELETE - Removing Data

You can delete data with a DELETE request:

curl -X DELETE \

A successful DELETE request is indicated by a 200 OK HTTP status code with a response containing JSON null.

Method Override

If you make REST calls from a browser that does not support the preceding methods, you can override the request method by making a POST request and setting your method by using the X-HTTP-Method-Override request header.

curl -X POST -H "X-HTTP-Method-Override: DELETE" \

You can also use the x-http-method-override query parameter.

curl -X POST \

Conditional Requests

Conditional requests, the REST equivalent of SDK transaction operations, update data according to a certain condition. See an overview of the workflow and learn more about conditional requests for REST in Saving Data.

Firebase ETag

The Firebase ETag is the unique identifier for the current data at a specified location. If the data changes at that location, the ETag changes, too. The Firebase ETag must be specified in the header for the initial REST request (typically a GET, but can be anything other than PATCH).

curl -i 'https://[PROJECT_ID].firebaseio.com/posts/12345/upvotes.json' -H 'X-Firebase-ETag: true'


The if-match condition specifies the ETag value for the data you want to update. If you use the condition, Realtime Database only completes requests where the ETag specified in the write request matches the ETag of the existing data in the database. Fetch the ETag at a location with a Firebase ETag request. If you want to overwrite any location that's null, use null_etag.

curl -iX PUT -d '11' 'https://[PROJECT_ID].firebaseio.com/posts/12345/upvotes.json' -H 'if-match: [ETAG_VALUE]'

Expected responses

The following table provides an overview of the expected responses for each request type, based on the ETag match.

Request Type ‘X-Firebase-ETag: true' ETag matches
if_match: <matching etag>
ETag doesn't match
if_match: <no matching etag>
GET Response Status/Content 200: "<data_at_path>" 400: "...not supported.." 400: "...not supported.."
Added Headers ETag: <ETag_of_data> N/A N/A
PUT Response Status/Content 200: "<put_data>" 200: "<put_data>" 412: "...ETag mismatch.."
Added Headers ETag: <ETag_of_put_data> N/A ETag: <database_ETag>
POST Response Status/Content 200: "<post_data>" 400: "...not supported.." 400: "...not supported.."
Added Headers ETag: <ETag_of_post_data> N/A N/A
PATCH Response Status/Content 400: "...not supported.." 400: "...not supported.." 400: "...not supported.."
Added Headers N/A N/A N/A
DELETE Response Status/Content 200: null 200: "<data_after_put>" 412: "...ETag mismatch.."
Added Headers ETag: <ETag_of_null> N/A ETag: <database_ETag>

Query Parameters

The Firebase Database REST API accepts the following query parameters and values:


Supported by all request types. Authenticates this request to allow access to data protected by Firebase Realtime Database Rules. See the REST authentication documentation for details.

curl 'https://[PROJECT_ID].firebaseio/users/jack/name.json?access_token=CREDENTIAL'


This is an advanced feature, designed to help you work with large datasets without needing to download everything. Set this to true to limit the depth of the data returned at a location. If the data at the location is a JSON primitive (string, number or boolean), its value will simply be returned. If the data snapshot at the location is a JSON object, the values for each key will be truncated to true.

Arguments REST Methods Description
shallow GET Limit the depth of the response.
curl 'https://[PROJECT_ID].firebaseio/.json?shallow=true'

Note that shallow cannot be mixed with any other query parameters.


Formats the data returned in the response from the server.

Arguments REST Methods Description
pretty GET, PUT, POST, PATCH, DELETE View the data in a human-readable format.
silent GET, PUT, POST, PATCH Used to suppress the output from the server when writing data. The resulting response will be empty and indicated by a 204 No Content HTTP status code.
curl 'https://[PROJECT_ID].firebaseio.com/users/jack/name.json?print=pretty'
curl -X PUT -d '{ "first": "Jack", "last": "Sparrow" }' \


Supported by GET only. To make REST calls from a web browser across domains, you can use JSONP to wrap the response in a JavaScript callback function. Add callback= to have the REST API wrap the returned data in the callback function you specify.

  function gotData(data) {
<script src="https://[PROJECT_ID].firebaseio.com/.json?callback=gotData"></script>


If set to export, the server will encode priorities in the response.

Arguments REST Methods Description
export GET Include priority information in the response.
curl 'https://[PROJECT_ID].firebaseio.com/.json?format=export'


Supported by GET only. If you would like to trigger a file download of your data from a web browser, add download=. This causes the REST service to add the appropriate headers so that browsers know to save the data to a file.

curl 'https://[PROJECT_ID].firebaseio/.json?download=myfilename.txt'


Use this to limit how long the read takes on the server side. If a read request doesn't finish within the allotted time, it terminates with an HTTP 400 error. This is particularly useful when you expect a small data transfer and don't want to wait too long to fetch a potentially huge subtree. Actual read time might vary based on data size and caching.

Specify timeouts using the following format: 3ms, 3s, or 3min, with a number and a unit. If not specified, the maximum timeout of 15min will be applied. If the timeout is not positive, or exceeds the maximum, the request will be rejected with an HTTP 400 error.


To limit the size of a write, you can specify the writeSizeLimit query parameter as tiny (target=1s), small (target=10s), medium (target=30s), large (target=60s). Realtime Database estimates the size of each write request and aborts requests that will take longer than the target time.

If you specify unlimited, exceptionally large writes (with up to 256MB payload) are allowed, potentially blocking subsequent requests while the database processes the current operation. Writes cannot be canceled once they reach the server.

curl -X DELETE 'https://docs-examples.firebaseio.com/rest/delete-data.json?writeSizeLimit=medium'

You will see the following error message if the write is too big:

Error: WRITE_TOO_BIG: Data to write exceeds the maximum size that can be modified with a single request.

Additionally, you can set the defaultWriteSizeLimit for the whole database instance using the Firebase CLI. This limit applies to all requests, including those from SDKs. New databases are created with defaultWriteSizeLimitset to large. You can't set defaultWriteSizeLimit to tiny using the Firebase CLI.

firebase database:settings:set defaultWriteSizeLimit large


See the section in the guide on ordered data for more information.

limitToFirst, limitToLast, startAt, endAt, equalTo

See the section in the guide on filtering data for more information.

Streaming from the REST API

Firebase REST endpoints support the EventSource / Server-Sent Events protocol. To stream changes to a single location in your Realtime Database, you need to do a few things:

  • Set the client's Accept header to "text/event-stream"
  • Respect HTTP Redirects, in particular HTTP status code 307
  • If the location requires permission to read, you must include the auth parameter

In return, the server will send named events as the state of the data at the requested URL changes. The structure of these messages conforms to the EventSource protocol.

event: event name
data: JSON encoded data payload

The server may send the following events:


The JSON-encoded data is an object with two keys: path and data. The path key points to a location relative to the request URL. The client should replace all of the data at that location in its cache with data.


The JSON-encoded data is an object with two keys: path and data. The path key points to a location relative to the request URL. For each key in data, the client should replace the corresponding key in its cache with the data for that key in the message.


The data for this event is null. No action is required.


Some unexpected errors can send a `cancel` event and terminate the connection. The cause is described in the data provided for this event. Some potential causes are as follows: 1. The Firebase Realtime Database Rules no longer allow a read at the requested location. The `data` description for this cause is "Permission denied." 2. A write triggered an event streamer that sent a large JSON tree that exceeds our limit, 512MB. The `data` for this cause is "The specified payload is too large, please request a location with less data."


The data for this event is a string indicating that a the credential has expired. This event is sent when the supplied auth parameter is no longer valid.

Here's an example set of events that the server may send:

// Set your entire cache to {"a": 1, "b": 2}
event: put
data: {"path": "/", "data": {"a": 1, "b": 2}}

// Put the new data in your cache under the key 'c', so that the complete cache now looks like:
// {"a": 1, "b": 2, "c": {"foo": true, "bar": false}}
event: put
data: {"path": "/c", "data": {"foo": true, "bar": false}}

// For each key in the data, update (or add) the corresponding key in your cache at path /c,
// for a final cache of: {"a": 1, "b": 2, "c": {"foo": 3, "bar": false, "baz": 4}}
event: patch
data: {"path": "/c", "data": {"foo": 3, "baz": 4}}


Priority information for a location can be referenced with a "virtual child" named .priority. You can read priorities with GET requests and write them with PUT requests. For example, the following request retrieves the p