App Check (FireBase) - App Inventor App

Hi everyone! I developed this app of mine that allows me to view in a list all the users who have signed up through my site, and to send me a notification if there is a new member. However, now, I've gotten to the point of securing my database via AppCheck and ensuring that data write and read requests (I'd mostly prefer read) can only happen from a specific app or web app...
Everything seemed to work perfectly, in fact on my site the script I added and the configuration allowed me to write data coming only from my domain to Firebase, unfortunately however since I added these security rules my app has no longer downloaded and read the data, since its requests are extraneous.
However, I think this problem can be solved simply server-side on Firebase and avoid messing with the code, however I have no idea how this can be done... I think the topic is about the SDK!

Thank you all for your time! I love you

Provide an example of the secure rules you have in place

and what exactly did you do with AppCheck, and why ?

It sounds like you need to unenforce and reconsider the enforcement requirements...for example, what is a verified request (not just requests from your own domain...)

It is worth noting that an AppInventor app often falls into the cracks between what Google/Firebase understand as an Android app and a web app.

the rules are
write: true
read: true,
with app check you just register the domain in short, for apps it's a little different

On My database firebase i have this rules

"rules": {
".read": "auth.token === 'SECRET_PASSWORD'",
".write": true

so for read data you have to pass with this token, for a GET Response the query is


so in FireBaseURL i have to insert this link, but it give me an error, so i think that it exist because the query is not correct, can u help me?

for now forget what I wrote before, I removed all the controls via app check, and I only and exclusively wanted to protect my firebase database with more specific rules, and I added the following as I wrote before. However, now I need the right get request to access the data to be able to read the data, and I need the famous "SECRET_KEY" to access it by passing this password as a query

Not sure how you do this with the REST API.

You may have to put the appCheck key in your request headers.

I would suggest you do some searching, or ask the the question, on StackOverFlow