Persistent HTTP 400 (Bad Request) Errors with Identity Toolkit & Firestore Despite Correct Project ID & Enabled APIs

Hello Firebase Community,

I’m encountering a persistent issue with my Next.js and Firebase application that’s resulting in HTTP 400 errors when trying to make calls to identitytoolkit.googleapis.com (for authentication) and firestore.googleapis.com (for Firestore Listen/Write operations).

Project Context:

  • I’m using Next.js with the Firebase SDK (v11.8.0).
  • The goal is to use Firebase Authentication (Email/Password) and Cloud Firestore.
  • My firebaseConfig in the client-side application has a projectId in the format [PROJECT_NAME]-[NUMERIC_SUFFIX] (e.g., myproject-123456).
  • The apiKey used in the firebaseConfig was obtained from my Firebase project settings in the Firebase Console.

Observed Issues (Browser Console Logs):

  1. Failed to load resource: the server responded with a status of 400 () for calls such as:
     • identitytoolkit.googleapis.com/v1/accounts:lookup?key=AIza... (API Key partially obscured)
     • (and similar for signInWithPassword, signUp)
  2. GET/POST https://firestore.googleapis.com/google.firestore.v1.Firestore/Listen/channel?... 400 (Bad Request)
  3. GET/POST https://firestore.googleapis.com/google.firestore.v1.Firestore/Write/channel?... 400 (Bad Request)
  4. Consequently, I’m receiving FirebaseError: Missing or insufficient permissions. errors when trying to read data from Firestore, even though my security rules should allow access for authenticated users.
  5. Logs like [AuthContext] User document for UID ... not found in Firestore during onSnapshot. Using Auth data as fallback. are also appearing, indicating that reading the user document is failing.

Troubleshooting Steps Already Taken:

  • I’ve confirmed that the projectId in my firebaseConfig exactly matches the full “Project ID” displayed in the Firebase Console project settings (format [PROJECT_NAME]-[NUMERIC_SUFFIX]).
  • In the Google Cloud Console, for the project with ID [PROJECT_NAME]-[NUMERIC_SUFFIX]:
    • The “Identity Toolkit API” is ENABLED.
    • The “Cloud Firestore API” is ENABLED.
  • In the Firebase Console, the “Email/Password” authentication provider is ENABLED.
  • Firestore security rules have been simplified for testing, allowing read/write for authenticated users (e.g., allow read, write: if request.auth != null;), but the 400 errors persist, suggesting the issue occurs before rule evaluation.
  • Crucial Point: In the Google Cloud Console, under “APIs & Services” > “Credentials” for the project [PROJECT_NAME]-[NUMERIC_SUFFIX], the API Key that is in my firebaseConfig is not listed. The “API Keys” section shows “No API keys to display.”
  • I’ve tried removing all restrictions (application and API restrictions) from other API keys that existed in the GCP project (though they were not the firebaseConfig key) and waited for propagation, without success.
  • Cleared browser cache, cookies, tested in incognito mode, and recreated test users multiple times.

My Main Suspicion: I believe the root problem is that the apiKey specified in my firebaseConfig (and provided by the Firebase Console) is not correctly provisioned or recognized within the Google Cloud Platform for the projectId [PROJECT_NAME]-[NUMERIC_SUFFIX].

Questions for the Community:

  1. Has anyone encountered a similar issue where the Firebase apiKey doesn’t appear or work correctly in GCP, even with the correct projectId and enabled APIs?
  2. Are there any additional apiKey configuration steps in GCP that I might have missed, especially for an existing or newly set up Firebase project?
  3. Is there a way to force a “resync” of apiKey settings between the Firebase Console and Google Cloud Console?
  4. Any suggestions on how to better debug the exact cause of the “Bad Request” error coming from these Google APIs, beyond the browser console information?

Any help or guidance would be immensely appreciated, as I’m currently blocked by this issue.

Thank you!
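
Added example (not part of the original post): on the question of debugging the 400 beyond the browser console, the response body of the failing request (Network tab, Response pane) usually says more than the status line. The sketch below assumes the body follows the standard Google API JSON error shape; the function name `classifyGoogleApiError` is hypothetical and both sample bodies are constructed for illustration.

```javascript
// Decide which layer rejected a request from the JSON body of a 400 response.
// Constructed sample: the shape returned when the key itself is rejected.
const SAMPLE_KEY_REJECTED = JSON.stringify({
  error: {
    code: 400,
    message: "API key not valid. Please pass a valid API key.",
    status: "INVALID_ARGUMENT",
    details: [{
      "@type": "type.googleapis.com/google.rpc.ErrorInfo",
      reason: "API_KEY_INVALID",
      domain: "googleapis.com",
      metadata: { service: "identitytoolkit.googleapis.com" },
    }],
  },
});

// Constructed sample: the key was accepted, the Auth backend refused the call.
const SAMPLE_AUTH_REJECTED = JSON.stringify({
  error: { code: 400, message: "EMAIL_NOT_FOUND", errors: [{ message: "EMAIL_NOT_FOUND" }] },
});

function classifyGoogleApiError(bodyText) {
  let err;
  try {
    err = JSON.parse(bodyText).error;
  } catch {
    // Non-JSON bodies (HTML error pages, streaming channel responses) land here.
    return { layer: "unknown", reason: null, message: "body is not JSON" };
  }
  if (!err || typeof err !== "object") {
    return { layer: "unknown", reason: null, message: "no error object" };
  }
  // ErrorInfo carries a machine-readable reason when the API front end rejects the call.
  const info = (err.details || []).find(
    (d) => d["@type"] === "type.googleapis.com/google.rpc.ErrorInfo"
  );
  const reason = info ? info.reason : null;
  const message = String(err.message || "");
  let layer = "unknown";
  if (reason && reason.startsWith("API_KEY_")) {
    layer = "api-key"; // key unknown, or blocked by a key restriction
  } else if (/^[A-Z][A-Z0-9_]+( : .*)?$/.test(message)) {
    layer = "auth-backend"; // upper-case Auth codes such as EMAIL_NOT_FOUND
  }
  return { layer, reason, message };
}
```

An `api-key` result points at the key or its restrictions, while `auth-backend` means the key was accepted and the request itself was refused.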