It’s for verify the firebase app token in the backend, in Android and iOS use offical sdk to generate the token, send it in header in every http request using your http client library