Ah this is super helpful - thanks

best article i've seen in a long time! thanks a lot for the thorough explanation

OMG this should be documented by Firebase. It is so unbelievably hard to find this basic information. Maybe Google just wants us to call getDownloadURL() every time so the $$ keep racking up?!

It's really a very good explanation. I have spend all day to fins how can I get firebase download url from firebase admin SDK.

Thanks alot.

This is a fantastic guide, thank you very much for taking the time to write it.

Google should pay you to do their firebase documentation!

This is literally the most helpful thing about cloud storage in the web

Great article sentinel. Incredible that Firebase is seemingly incapable of or uninterested in documenting its own product and leaves it in the hands of outsiders. Thank you for filling in the gap!

Most helpful. thank you

Wow! What a read. Thanks for sharing buddy!

Bravo

Thanks for the detail info.

Thank you for this very clear information. I have one remaining question: Are public file download urls indexable by search engines?

Thanks for the comment! Download URLs are indexable by search engines if they're discoverable. If Google indexes a website that contains links (e.g. img tags) to Firebase storage objects, those may get indexed as well. But if your download URLs are never shared, Google won't find them.

Thank you. Very helpful. When does the download token expire?

Firebase added getDownloadURL to admin SDK
https://firebase.google.com...

everytime I load an image if call getDownloadUrl on the image and all resized versions too. It's a bit slow sometimes though, should I check if there is a valid token first and skip getDownloadUrl? Or does the function do that itself

This is extremely useful, thank you for putting the time to document this.

Is this post outdated regarding getSignedURL, because i didn't found reference in documentation about function?

Hi!
Reference (NodeJS): https://googleapis.dev/node...
Example: https://cloud.google.com/st...

Hi, thanks for good article. I follow you steps to getSignedUrl in cloud function but I get an error "{ Error: The caller does not have permission\n at Gaxios._request (/workspace/node_modules/gaxios/build/src/gaxios.js:112:23)\n at process._tickCallback (internal/process/next_tick.js:68:7) name: 'SigningError' }"}}"

My firebase-adminsdk service account has roles assigned:
Firebase Admin SDK Administrator Service Agent
Service Account Token Creator
Storage Admin

Any suggestions?

You need to set Service Account Token Creator on `<project-id>@appspot.gserviceaccount.com`, not on `firebase-adminsdk`. See also https://stackoverflow.com/q...

Very nice article.
Could you please give an example about calling your function : createPersistentDownloadUrl ? I am a bit confuse about how to set the function parameters.

This is so helpful!
Is a file with a public URL equally secure as a private file with a firebase token and a download URL, if there is an uuid4 token in the filename or path of the file? This way one wouldn't need to use firebase to achieve similar functionalities of secure permanent URLs. Is there a problem in my logic?

Thanks for the comment!

You're right. Even though a download URL looks more obscure, it's equally accessible (though, perhaps, harder to guess).

However, there's one key difference: using Firebase download URLs you can change the token (UUIDv4) if you want to remove access to the file. If you do so, the file's URL will change, and no one will know about it until you share it. The old URL will return a "permission denied" error. This might be good reason to use download URLs.