Production checklist for using Firebase AI Logic

Stay organized with collections Save and categorize content based on your preferences.

When you're ready to launch your app and have real end users interact with your generative AI features, make sure to review this checklist of best practices and important considerations.

General

Review the general launch checklist for apps that use Firebase

This Firebase launch checklist describes important best practices before launching any Firebase app to production.

Make sure your Firebase projects follow best practices

For example, make sure that you use different Firebase projects for development, testing, and production. Review more best practices for managing your projects.

Access and security

Review the general security checklist for apps that use Firebase

This security checklist describes important best practices for access and security for Firebase apps and services.

Start enforcing Firebase App Check

App Check helps protect the APIs that access the Gemini and Imagen models by verifying that requests are from your actual app. It supports attestation providers for Apple platforms (DeviceCheck or App Attest), Android (Play Integrity), and Web (reCAPTCHA Enterprise).

Set up restrictions for your Firebase API keys

• Review each Firebase API key's "API restrictions" allowlist:

  • Make sure that the Firebase AI Logic API is in the allowlist.

  • Make sure that the only other APIs in the key's allowlist are for Firebase services that you use in your app. See the list of which APIs are required to be on the allowlist for each product.

• Set "Application restrictions" to help restrict usage of each Firebase API key to only requests from your app (for example, a matching bundle ID for the Apple app). Note that even if you restrict your key, Firebase App Check is still strongly recommended.

Note that Firebase-related APIs use API keys only to identify the Firebase project or app, not for authorization to call the API.

Billing, monitoring, and quota

Avoid surprise bills

If your Firebase project is on the pay-as-you-go Blaze pricing plan, then monitor your usage and set up budget alerts.

Set up AI monitoring in the Firebase console

Only available when using the Vertex AI Gemini API as your API provider.

Set up AI monitoring to observe various metrics and dashboards in the Firebase console to gain comprehensive visibility into your requests from the Firebase AI Logic SDKs.

Review your quotas for the required underlying APIs

• Make sure that you understand the quotas for each required API.

• Set rate limits per user (the default is 100 RPM).

• Edit quota or request a quota increase, as needed.

Management of configurations

Use a stable model version in your production app

In your production app, only use stable model versions (like gemini-2.0-flash-001), not a preview or experimental version or an auto-updated alias.

Even though an auto-updated stable alias points to a stable version, the actual model version it points to will automatically change whenever a new stable version is released, which could mean unexpected behavior or responses. Also, preview and experimental versions are only recommended during prototyping.

Set up and use Firebase Remote Config

With Remote Config, you can control important configurations for your generative AI feature in the cloud rather than hard-coding values in your code. This means that you can update your configuration without releasing a new version of your app. You can do a lot with Remote Config, but here are the top values that we recommend you control remotely for your generative AI feature:

• Keep your app up-to-date.

  • Model name: Update the model your app uses as new models are released or others are discontinued.

• Adjust values and inputs based on client attributes, or to accommodate feedback from testing or users.

  • Model configuration: Adjust the temperature, max output tokens, and more.

  • Safety settings: Adjust safety settings if too many responses are getting blocked or if users report harmful responses.

  • System instructions and any prompts that you provide: Adjust the additional context that you're sending to the model to steer its responses and behavior. For example, you might want to tailor prompts for specific client types, or personalize prompts for new users that differ from those used to generate responses for existing users.

You could also optionally set a minimum_version parameter in Remote Config to compare the app's current version with the Remote Config-defined latest version, to either show an upgrade notification to users or force users to upgrade.

Set the location for accessing the model

Only available when using the Vertex AI Gemini API as your API provider.

Setting a location for accessing the model can help with costs as well as help prevent latency for your users.

If you don't specify a location, the default is us-central1. You can set this location during initialization, or you can optionally use Firebase Remote Config to dynamically change the location based on each user's location.