Connect
Optimize
Secure
Live 40 Actions
Firebase MCP Server
for AI Agents
StackOne's Firebase MCP server gives AI agents 40 ready-to-use actions for Firebase — with built-in authentication, security, governance, token efficiency, and high tool-calling accuracy.
Firebase MCP Server
Built by 
StackOne
StackOne 
Coverage
40 Agent Actions
Create, read, update, and delete across Firebase — and extend your agent's capabilities with custom actions.
Authentication
Agent Tool Authentication
Per-user OAuth in one call. Your Firebase MCP server gets session-scoped tokens with zero credentials stored on your infra.
Agent Auth →
Security
Agent Protection
Every Firebase tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.
Prompt Injection Defense →
Performance
Max Agent Context. Min Cost.
Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Firebase call.
Tools Discovery →What is the Firebase MCP Server?
A Firebase MCP server lets AI agents read and write Firebase data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Firebase MCP server ships with 40 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Claude Code, Cursor, Goose, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.
All Firebase MCP Tools and Actions
Every action from Firebase's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.
Users
- Create User
Create a new Firebase Authentication user in a project.
- List Users
List all Firebase Authentication users in a project.
- Query Users
Query Firebase Authentication users with filters and sorting.
- Update User
Update a Firebase Authentication user's profile, email, password, status, or MFA enrollment.
- Batch Delete Users
Bulk delete up to 1000 Firebase Authentication users.
- Delete User
Delete a Firebase Authentication user from a project.
Documents
- Create Document
Create a new document in a Firestore collection.
- List Documents
List documents in a Firestore collection.
- Get Document
Get a single Firestore document by its full resource name.
- Update Document
Update or create a Firestore document.
- Delete Document
Delete a Firestore document.
Projects
- List Projects
List all Firebase projects associated with the connected Google account.
- Get Project
Get a specific Firebase project by project ID.
- Update Project
Update a Firebase project's display name or custom annotations.
Android Apps
- Create Android App
Register a new Android app in a Firebase project.
- List Android Apps
List all Android apps registered in a Firebase project.
- Get Android App
Get a specific Android app by app ID.
- Update Android App
Update an Android app's display name or API key association.
- Remove Android App
Remove (soft-delete) an Android app from a Firebase project.
Web Apps
- Create Web App
Register a new web app in a Firebase project.
- List Web Apps
List all web apps registered in a Firebase project.
- Get Web App
Get a specific web app by app ID.
- Update Web App
Update a web app's display name, app URLs, or API key association.
- Remove Web App
Remove (soft-delete) a web app from a Firebase project.
SHA Certificates
- Create SHA Certificate
Add a SHA certificate hash to an Android app.
- List SHA Certificates
List all SHA certificate hashes registered for an Android app.
Remote Configs
- Get Remote Config
Retrieve the active (or a specific version of the) Remote Config template for a Firebase project.
- Update Remote Config
Publish a new Remote Config template version for a Firebase project.
Other (12)
- Send Message
Send a push notification to a device, topic, or condition via Firebase Cloud Messaging.
- List Available Projects
List GCP projects available to have Firebase resources added.
- Get Analytics Details
Get Google Analytics details linked to a Firebase project.
- Search Apps
Search across all Firebase apps in a project (Android and Web — iOS apps still appear in the response but are not exposed as dedicated actions in this connector).
- Get Android App Config
Get the project-level google-services.json configuration file.
- Get Web App Config
Get the Firebase config JSON for a web app.
- List Remote Config Versions
List up to 300 most recent Remote Config template versions.
- Lookup User
Look up one or more Firebase Authentication users by UID, email, phone number, or federated identity.
- Run Query
Run a structured query against a Firestore collection or collection group.
- Undelete Android App
Restore a previously soft-deleted Android app to ACTIVE state.
- Undelete Web App
Restore a previously soft-deleted web app to ACTIVE state.
- Rollback Remote Config
Roll back the Remote Config template to a previous version.
Set Up Your Firebase MCP Server in Minutes
One endpoint. Any framework. Your agent is talking to Firebase in under 10 lines of code.
MCP Clients
Agent Frameworks
JSON{
"mcpServers": {
"stackone": {
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://api.stackone.com/mcp?x-account-id=<account_id>",
"--header",
"Authorization: Basic <YOUR_BASE64_TOKEN>"
]
}
}
}Firebase MCP Server Resources
MCP Code Mode: Keeping Tool Responses Out of Agent Context
Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.
11 min
Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery
Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.
10 min
Indirect Prompt Injection Defense for MCP Tools: A Technical Guide
MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.
12 min
Firebase MCP Server FAQ
Firebase MCP server vs direct API integration — what's the difference?
A Firebase MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Firebase. A Firebase MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Firebase at runtime. StackOne provides both.
How does Firebase authentication work for AI agents?
Firebase authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Firebase account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via
origin_owner_id.Are Firebase MCP tools vulnerable to prompt injection?
Yes — Firebase MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a Firebase agent and how do I avoid it?
Context bloat happens when Firebase tool schemas and API responses eat your Firebase agent's memory, preventing it from reasoning effectively. A single Firebase query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my Firebase agent can access?
Yes — you can limit which actions your Firebase agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my Firebase MCP server?
Yes — you can create custom agent actions for your Firebase MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Firebase's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a Firebase MCP server?
Skip a Firebase MCP server if your integration is purely software-to-software — direct Firebase API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Firebase actions at runtime.
What AI frameworks and AI clients does the StackOne Firebase MCP server support?
The StackOne Firebase MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.
Put your AI agents to work
All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.