Skip to main content

Overview

PixelTech Colombia uses Firebase as its backend infrastructure, including Firestore, Authentication, Cloud Functions, Hosting, and Storage. This guide walks you through setting up a new Firebase project.

Creating a Firebase Project

1

Create Project in Firebase Console

  1. Go to the Firebase Console
  2. Click Add project
  3. Enter your project name (e.g., pixeltech-colombia)
  4. Configure Google Analytics (optional but recommended)
  5. Click Create project
2

Register Your Web App

  1. In the Firebase Console, click the Web icon (</>)
  2. Register your app with a nickname
  3. Enable Firebase Hosting for this app
  4. Copy the Firebase configuration object - you’ll need this for your frontend
3

Install Firebase CLI

If you haven’t already, install the Firebase CLI globally:
npm install -g firebase-tools
4

Login and Initialize

Login to Firebase and link your local project:
firebase login
firebase use --add
Select your newly created project and give it an alias (e.g., production).

Enabling Firebase Services

Firestore Database

1

Enable Firestore

  1. In Firebase Console, go to Firestore Database
  2. Click Create database
  3. Start in Production mode (we’ll deploy custom rules)
  4. Select the location: nam5 (US Central - matches your config)
2

Deploy Firestore Configuration

Your project includes pre-configured Firestore rules and indexes. Deploy them:
firebase deploy --only firestore:rules
firebase deploy --only firestore:indexes
The security rules define access control for:
  • Users: Read/write own data, admins can access all
  • Products: Public read, admin write, authenticated users can update stock
  • Orders: Create validation, users can read own orders
  • Categories & Brands: Public read, admin write
  • Warranties: Users can create, read own warranties
  • Chats: Admin only access

Authentication

1

Enable Authentication Providers

  1. Go to Authentication > Sign-in method
  2. Enable the following providers:
    • Email/Password: For admin and customer accounts
    • Google (optional): For social login
    • Anonymous (optional): For guest checkout tracking
2

Configure Authorized Domains

Add your production domain to the authorized domains list:
  1. Go to Authentication > Settings > Authorized domains
  2. Add your custom domain (e.g., pixeltech.com.co)

Cloud Storage

1

Enable Cloud Storage

  1. In Firebase Console, go to Storage
  2. Click Get started
  3. Use Production mode (we’ll deploy custom rules)
  4. Select the same location as Firestore
2

Deploy Storage Rules

Deploy the pre-configured storage security rules:
firebase deploy --only storage
Storage rules allow:
  • Products, Banners, Categories, Brands: Public read, authenticated write
  • Warranties: Authenticated users can read/write
  • Invoices: Authenticated users only
  • Chats: Public read (for WhatsApp), authenticated write
3

Configure CORS (Optional)

If you need to access Storage from external domains, configure CORS:Create a cors.json file:
[
  {
    "origin": ["https://your-domain.com"],
    "method": ["GET"],
    "maxAgeSeconds": 3600
  }
]
Apply it using gsutil:
gsutil cors set cors.json gs://your-project-id.appspot.com

Cloud Functions

1

Upgrade to Blaze Plan

Cloud Functions require the Blaze (pay-as-you-go) plan:
  1. Go to Firebase Console > Upgrade
  2. Select the Blaze plan
  3. Set up billing alerts (recommended)
The Blaze plan includes a generous free tier. You only pay for usage beyond the free quota.
2

Configure Service Account

For production deployments, set up a service account:
  1. Go to Google Cloud Console
  2. Select your Firebase project
  3. Navigate to IAM & Admin > Service Accounts
  4. Create a service account with these roles:
    • Firebase Admin
    • Cloud Functions Developer
  5. Generate and download a JSON key
3

Set Environment Variables

Set secret environment variables for Cloud Functions:
# MercadoPago
firebase functions:secrets:set MP_ACCESS_TOKEN

# ADDI
firebase functions:secrets:set ADDI_CLIENT_ID
firebase functions:secrets:set ADDI_CLIENT_SECRET

# Sistecrédito
firebase functions:secrets:set SC_API_KEY
firebase functions:secrets:set SC_APP_KEY
firebase functions:secrets:set SC_APP_TOKEN

# Email (SMTP)
firebase functions:secrets:set SMTP_HOST
firebase functions:secrets:set SMTP_PORT
firebase functions:secrets:set SMTP_EMAIL
firebase functions:secrets:set SMTP_PASSWORD

# WhatsApp
firebase functions:secrets:set WHATSAPP_VERIFY_TOKEN
firebase functions:secrets:set WHATSAPP_API_TOKEN
firebase functions:secrets:set WHATSAPP_PHONE_ID
For production, always use firebase functions:secrets:set instead of .env files. Secrets are encrypted and more secure.

Firebase Hosting

1

Review Hosting Configuration

The firebase.json file includes hosting configuration:
{
  "hosting": {
    "public": "public",
    "rewrites": [
      {
        "source": "/sitemap.xml",
        "function": "sitemap"
      },
      {
        "source": "/google-feed.xml",
        "function": "generateProductFeed"
      },
      {
        "source": "**",
        "destination": "/index.html"
      }
    ]
  }
}
This configuration:
  • Serves static files from the public/ directory
  • Routes /sitemap.xml to a Cloud Function
  • Routes /google-feed.xml to a Cloud Function for Google Merchant
  • Implements SPA routing (all routes serve index.html)
2

Configure Custom Domain (Optional)

To use a custom domain:
  1. Go to Hosting > Add custom domain
  2. Enter your domain name
  3. Follow the DNS configuration instructions
  4. Firebase automatically provisions an SSL certificate

Firebase Configuration File

Your firebase.json defines the complete Firebase configuration:
firebase.json
{
  "hosting": {
    "public": "public",
    "rewrites": [...],
    "headers": [
      {
        "source": "**",
        "headers": [
          {
            "key": "Content-Security-Policy",
            "value": "default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'; ..."
          }
        ]
      }
    ]
  },
  "functions": {
    "source": "functions"
  },
  "firestore": {
    "database": "(default)",
    "location": "nam5",
    "rules": "firestore.rules",
    "indexes": "firestore.indexes.json"
  },
  "storage": {
    "rules": "storage.rules"
  },
  "emulators": {...}
}

Firestore Indexes

The project includes a firestore.indexes.json file for composite indexes:
firestore.indexes.json
{
  "indexes": [],
  "fieldOverrides": []
}
As your application grows, Firestore will suggest indexes for complex queries. Add them to this file and deploy with: 
firebase deploy --only firestore:indexes

Security Best Practices

Create your first admin user:
  1. Create a user via Firebase Console > Authentication
  2. Manually add a document in Firestore at /users/{userId} with:
{
  "role": "admin",
  "email": "[email protected]",
  "createdAt": <timestamp>
}
  • Your Firebase API key is safe to include in frontend code
  • Security is enforced by Firestore and Storage rules, not the API key
  • Use Firebase App Check for additional protection against abuse
  • Never commit secrets to version control
  • Use firebase functions:secrets:set for production secrets
  • Use .env files only for local development
  • Rotate secrets regularly, especially payment gateway credentials

Monitoring and Analytics

Enable Cloud Monitoring

  1. Go to Google Cloud Console
  2. Enable Cloud Monitoring API
  3. Create alerts for:
    • Function execution errors
    • High latency
    • Budget thresholds

Firebase Analytics

If you enabled Google Analytics during project creation:
  • View user engagement in Firebase Console > Analytics
  • Track e-commerce events (product views, purchases, etc.)
  • Monitor conversion funnels

Next Steps

Environment Setup

Set up your local development environment

Deployment

Deploy your application to production

Build docs developers (and LLMs) love

Get started for freeTalk to us