In my app each user has a "balance" entry in Firestore that handles their in-app credits.
How can I update in a secure way their balances when they interact with the app?
At the moment I update the balance client-side, with Firestore.collectio().document().update({...})
but I’m not sure if that is enough safe, even if I have Firestore rules and AppCheck enabled.
2
Answers
To avoid problems, the ideal is that you make this update using a transaction.
Remembering that it is good to avoid numbers with floating point, in case these credits are money.
If you want to allow only certain updates to the balance, you can usually enforce those in your security rules.
If you’ve tried that and can’t get it to work, we can help better if you show what you tried.