Skip to main content
Image

r/Firebase


Can't update custom action URL in Auth email templates —EMAIL_TEMPLATE_UPDATE_NOT_ALLOWED (Identity Platform project)
Can't update custom action URL in Auth email templates —EMAIL_TEMPLATE_UPDATE_NOT_ALLOWED (Identity Platform project)
Authentication

Hey everyone, been banging my head against this for a while and can't find

anyone with the same issue online.

**The problem:** Every time I try to set a custom action URL in

Authentication > Templates, I get this error:

EMAIL_TEMPLATE_UPDATE_NOT_ALLOWED (400 INVALID_ARGUMENT)

Tried it from the Firebase Console UI and also via direct API call

(PATCH to identitytoolkit.googleapis.com/v2/projects/{id}/config) —

same error both ways.

**What I already ruled out:**

- Domain IS in the authorized domains list

- Custom SMTP is disabled

- No multi-tenancy

- Custom sender domain (noreply@mydomain.com) works fine

- Not a permissions issue — the API returns 400 not 403

- Tried multiple URL formats and subdomains

**Context:**

- Project uses Firebase Auth **with Identity Platform** enabled

- Emails send correctly from the custom domain

- But links in emails still go to firebaseapp.com instead of my domain

Has anyone run into this? Is it a known bug with Identity Platform projects?


Advertisement: When everything lines up, you move. Take advantage of our best pricing from the moment you fund through the rest of the month plus 60 additional days. Trade futures at $0.50 per contract and get up to $3,500 in rewards. No waiting. No ramp up period. Are you in? Limited time only.
When everything lines up, you move. Take advantage of our best pricing from the moment you fund through the rest of the month plus 60 additional days. Trade futures at $0.50 per contract and get up to $3,500 in rewards. No waiting. No ramp up period. Are you in? Limited time only.
Image When everything lines up, you move. Take advantage of our best pricing from the moment you fund through the rest of the month plus 60 additional days. Trade futures at $0.50 per contract and get up to $3,500 in rewards. No waiting. No ramp up period. Are you in? Limited time only.


~$55k Gemini API bill from Firebase iOS key abuse. What can I do now?
~$55k Gemini API bill from Firebase iOS key abuse. What can I do now?
Billing

I’m in a pretty bad Google Cloud situation and looking for advice from people who have dealt with billing or API key abuse cases.

My normal Google Cloud bill is usually around $200/month. This month my project got hit with an unexpected Gemini / Generative Language API bill of around $55k USD. The billing report shows the spike was almost entirely Gemini API usage, not normal Firebase or app traffic.

I pulled Cloud Monitoring data and it shows about 2.2 million Gemini API requests during the incident window. The traffic was tied to one API key UID. That key maps back to a Firebase generated public iOS client key used in my mobile app config, not a Gemini key that I intentionally created or used.

I found out from a Google billing anomaly email. At the time I received the alert, the visible bill was around $2k. Within about 2 hours, I disabled the Generative Language API, restricted the key, deleted it, and later verified that Gemini usage stopped.

The problem is that the bill kept ramping up after that because of billing/reporting delays, and eventually landed around $55k.

Google declined the request to adjust the charges, saying the usage was considered valid because it came through my project/API key.

Original Post


Built a Firebase starter kit — auth + realtime DB in one HTML file, no build step
Built a Firebase starter kit — auth + realtime DB in one HTML file, no build step
Demo

Was tired of rewriting the same Firebase boilerplate every time I started a side project - auth state handling, protected views, XSS-safe rendering, per-user database scoping. Packaged it up as a single HTML file: paste in your config, and you've got working email/password auth, Google sign-in, and a realtime database CRUD example, all wired up. No npm install, no bundler . just open the file. Also ships with proper Realtime Database security rules, since most free starter kits I found skip that part entirely and leave the database wide open. £5 (~$6.70) if anyone wants it - link in comments. Happy to answer questions about the setup or the architecture.