Firebase's new guide to securing AI endpoints (firebase.blog)

Firebase published a practical guide and example app showing how to harden AI inference endpoints (here a virtual “try on” image generator) against abuse that can drive up costs or enable prompt-injection. The post walks through layered defenses — device attestation, replay protection, user authentication, per-user rate limits, and tight input schemas — and explains why each matters: App Check ensures requests come from real clients, limited-use tokens prevent replayed requests, auth checks gate access to verified users, rate limiting throttles per-hour usage, and restricting inputs (only accepting a product SKU) prevents users from supplying arbitrary images or prompts. Technically, the example ties App Check into request headers (X-Firebase-AppCheck) using getLimitedUseToken(appCheck) and server-side verifyToken(..., {consume:true}) to mark tokens as consumed. It extracts and verifies Firebase ID tokens (getAuth().verifyIdToken) to get uid and optionally check email_verified, implements a Firestore-backed rate limiter (MAX_REQUEST_PER_HOUR = 5) that counts requests in the last hour, and uses Genkit with Vertex AI models (gemini-2.5-flash and gemini-2.5-flash-image) to generate images. The pattern — attest client, consume single-use tokens, authenticate users, enforce quotas, and sanitize inputs — is broadly applicable for teams deploying costly or risky generative endpoints.