How to

Setup

Project Configuration Branding Updating the Logo Updating the Fonts Updating the Favicons Environment variables Setting up Emails

Marketing Pages

Updating the Navigation menu Adding Pages

User Interface

Dark Theme Theming

Application Pages

Adding Pages Updating the Sidebar menu Passing data from server to client Guarding Pages

Authentication

Change Authentication strategy Require Email Verification

API Routes

Adding API Routes Guarding an API Route Calling API Routes from the client Checking CSRF Tokens

Contextual Data

Fetching the signed in User Fetching the selected Organization

Reading Data

Reading a Document Reading a list of Documents

Writing Data

Creating a Document Updating a Document Deleting a Document

Payments

Configuring Plans Running the Stripe Webhook locally Using Lemon Squeezy instead of Stripe

Translations

Adding a new translation string Setting a Default Language Adding a new language Using the Language Switcher Detect current Locale

Getting Started

Introduction Technical Details Clone the repository Running the application Coding Conventions

Configuration

Global Configuration Setting up your Firebase Project Feature Flags Setting up Firebase Functions

Architecture

Architecture and Folder Structure Structure your Application Data Model

UI

Tailwind CSS Shadcn UI Themes

Authentication

Auth Overview Setting up Firebase Auth Auth Flow Third-Party Providers Email Link Authentication Multi-Factor Authentication Requiring Email verification Auth SSR Page Guards API Guards Prevent abuse with AppCheck Custom React Hooks Troubleshooting

Data Fetching

Writing data to Firestore Fetching data from Firestore API requests Reading data from Storage Uploading data to Storage Writing your own Fetch

Development

Building Features Commands Code Style Security Rules Translations and Locales Sending Emails Writing API Routes Validating API payload with Zod Logging Enable CORS Encrypting Secrets User Roles

Payments

Stripe Configuration Stripe Webhooks One-Time Payments Migrate to Lemon Squeezy Disable Stripe

Admin

Overview Adding Admins

Blog and Docs

Overview Blog Documentation Search Functionality

Organizations

Overview Extending Organizations User Permissions Subscription Permissions Custom React Hooks

Utilities

MDX React Hooks

Migrations

Migrating to 0.11.0

Testing

Running Tests CI Tests Limitations

Going to Production

Production Checklist Environment Variables Security Rules

Plugins

Cookie Banner Feedback Popup AI Chatbot

API Reference

Reactfire useCurrentOrganization useCurrentUserRole useUserSession useIsSubscriptionActive withAppProps withTranslationProps withAuthProps withPipe withMethodsGuard withAuthedUser withExceptionFilter withCsrf

Documentation
Next.js Firebase
Writing your own Fetch

Writing your own Fetch

Guide to writing your own fetch implementation

By default, MakerKit uses a custom hook that wraps the browser's fetch to make it easier to use with React's components named useApiRequest.

Additionally, this custom hook automatically adds two headers for security reasons:

X-Firebase-AppCheck - which is the token generated when using Firebase AppCheck
x-csrf-token - the page's CSRF token generated when the page is server-rendered. It's needed to protect the page from CSRF attacks.

Since the useApiRequest hook is pretty basic, if you make complex queries to your API, you may want to use a more complete implementation such as react-query or swc. However, If you don't make complex queries, it can be unnecessary since most of your queries will be to Firestore, which uses its own client-side data-fetching method.

To make these libraries seamlessly work with the API, you only need to consider the headers above if the API uses them to protect your application's endpoints.

Generating an App Check Token

To generate an App Check token, you can use the useGetAppCheckToken hook:


const getAppCheckToken = useGetAppCheckToken();
const appCheckToken = await getAppCheckToken();
 
console.log(appCheckToken) // token

You will need to send a header X-Firebase-AppCheck with the resolved value returned by the promise getAppCheckToken().

Sending the CSRF Token

To retrieve the page's CSRF token, you can use the useGetCsrfToken hook:


const getCsrfToken = useGetCsrfToken();
const csrfToken = getCsrfToken();
 
console.log(csrfToken) // token

You will need to send a header x-csrf-token with the value returned by getCsrfToken().

PreviousUploading data to Storage

Subscribe to our Newsletter

Get the latest updates about React, Remix, Next.js, Firebase, Supabase and Tailwind CSS

Generating an App Check Token

Sending the CSRF Token