It seems Firebase Database Security Rules API <https://firebase.google.com/docs/reference/security/database/#authtoken> can be used to set rules to limit/grant access to their DB. For example, developers can restrict access to only emails coming from your domain <https://firebase.google.com/docs/reference/security/database/#authtoken> or craft a rule which only allows users if their email is whitelisted <https://firebase.google.com/docs/reference/security/database/#replacesubstring_replacement> .
For GAE, users can restrict IP addresses using Firewall rules <https://cloud.google.com/appengine/docs/standard/python/creating-firewalls> or configure your app to only allow access by admin users <https://cloud.google.com/appengine/docs/standard/python/config/appref> (GAE Standard only). -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/b1a98a96-b26b-46d9-9119-38413e83b0b5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.