Stay organized with collectionsSave and categorize content based on your preferences.
Installing the Admin SDK
This document shows you how to install the Identity Platform Admin SDK.
The Admin SDK lets you manage Identity Platform from a server
environment, and perform administrator actions such as migrating users,
setting custom claims, and configuring identity providers.
Before you begin
To use the Admin SDK, you need a server app running one of the following:
Language
Minimum framework version
Node.js
Node.js 8.13.0+
Java
Java 7+ (Java 8+ recommended)
Python
Python 2.7+ or 3.4+ (3.4+ recommended)
Go
Go 1.9+
C#
.NET Framework 4.5+ or .NET Core 1.5+
The following table lists the features supported by each SDK language:
In theService account namefield, enter a name. The Google Cloud console fills
in theService account IDfield based on this name.
In theService account descriptionfield, enter a description. For example,Service account for quickstart.
ClickCreate and continue.
Grant theProject > Adminrole to the service account.
To grant the role, find theSelect a rolelist, then selectProject > Admin.
ClickContinue.
ClickDoneto finish creating the service account.
Do not close your browser window. You will use it in the next step.
Create a service account key:
In the Google Cloud console, click the email address for the service account that you
created.
ClickKeys.
ClickAdd key, and then clickCreate new key.
ClickCreate. A JSON key file is downloaded to your computer.
ClickClose.
Provide authentication credentials to your application code by setting the
environment variableGOOGLE_APPLICATION_CREDENTIALS. This
variable applies only to your current shell session. If you want the variable
to apply to future shell sessions, set the variable in your shell startup file,
for example in the~/.bashrcor~/.profilefile.
Linux or macOS
exportGOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
ReplaceKEY_PATHwith the path of the JSON file that contains your credentials.
ReplaceKEY_PATHwith the path of the JSON file that contains your credentials.
Installing the SDK
Node.js
The Node.js Admin SDK is available on npm. If you don't already
have apackage.jsonfile, create one usingnpm init. Next, install the
npm package and save it to yourpackage.json:
npminstallfirebase-admin--save
To use the module in your app,requireit from any JavaScript file:
varadmin=require('firebase-admin');
If you are using ES2015, you canimportthe module instead:
import*asadminfrom'firebase-admin';
Java
The Java Admin SDK is published to the Maven central repository.
To install the library, declare it as a dependency in yourbuild.gradlefile:
Initializing the SDK with a service account key file
You can also manually specify a service account key file:
Node.js
// Initialize the default appvaradmin=require('firebase-admin');varapp=admin.initializeApp({credential:admin.credential.cert('/path/to/serviceAccountKey.json')});
Typically, you'll only want to initialize a single, default app. However,
you can also create multiple app instances, each with its own configuration
options and authentication state.
Node.js
// Initialize the default appadmin.initializeApp(defaultAppConfig);// Initialize another app with a different configvarotherApp=admin.initializeApp(otherAppConfig,'other');console.log(admin.app().name);// '[DEFAULT]'console.log(otherApp.name);// 'other'// Use the shorthand notation to retrieve the default app's servicesvardefaultAuth=admin.auth();
Java
// Initialize the default appFirebaseAppdefaultApp=FirebaseApp.initializeApp(defaultOptions);// Initialize another app with a different configFirebaseAppotherApp=FirebaseApp.initializeApp(otherAppConfig,"other");System.out.println(defaultApp.getName());// "[DEFAULT]"System.out.println(otherApp.getName());// "other"// Use the shorthand notation to retrieve the default app's servicesFirebaseAuthdefaultAuth=FirebaseAuth.getInstance();FirebaseDatabasedefaultDatabase=FirebaseDatabase.getInstance();// Use the otherApp variable to retrieve the other app's servicesFirebaseAuthotherAuth=FirebaseAuth.getInstance(otherApp);FirebaseDatabaseotherDatabase=FirebaseDatabase.getInstance(otherApp);
# Initialize the default appdefault_app=firebase_admin.initialize_app(cred)# Initialize another app with a different configother_app=firebase_admin.initialize_app(cred,name='other')print(default_app.name)# "[DEFAULT]"print(other_app.name)# "other"# Retrieve default services via the auth package...# auth.create_custom_token(...)# Use the `app` argument to retrieve the other app's services# auth.create_custom_token(..., app=other_app)
// Initialize the default appdefaultApp,err:=firebase.NewApp(context.Background(),nil)iferr!=nil{log.Fatalf("error initializing app: %v\n",err)}// Initialize another app with a different configopt:=option.WithCredentialsFile("service-account-other.json")otherApp,err:=firebase.NewApp(context.Background(),nil,opt)iferr!=nil{log.Fatalf("error initializing app: %v\n",err)}// Access Auth service from default appdefaultClient,err:=defaultApp.Auth(context.Background())iferr!=nil{log.Fatalf("error getting Auth client: %v\n",err)}// Access auth service from other appotherClient,err:=otherApp.Auth(context.Background())iferr!=nil{log.Fatalf("error getting Auth client: %v\n",err)}
// Initialize the default appvardefaultApp=FirebaseApp.Create(defaultOptions);// Initialize another app with a different configvarotherApp=FirebaseApp.Create(otherAppConfig,"other");Console.WriteLine(defaultApp.Name);// "[DEFAULT]"Console.WriteLine(otherApp.Name);// "other"// Use the shorthand notation to retrieve the default app's servicesvardefaultAuth=FirebaseAuth.DefaultInstance;// Use the otherApp variable to retrieve the other app's servicesvarotherAuth=FirebaseAuth.GetAuth(otherApp);
If you're using a Compute Engine VM with Google Application Default
Credentials for authentication, you''ll need to set the rightaccess scopes.
Identity Platform requires theuserinfo.emailandcloud-platformaccess scopes.
To check your existing access scopes, run the following:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThe Identity Platform Admin SDK allows server-side management of Identity Platform, enabling actions like user migration, setting custom claims, and configuring identity providers.\u003c/p\u003e\n"],["\u003cp\u003eThe Admin SDK supports multiple languages, including Node.js, Java, Python, Go, and C#, each with specific minimum framework version requirements.\u003c/p\u003e\n"],["\u003cp\u003eBefore using the Admin SDK, you must create a service account in the Google Cloud console or via \u003ccode\u003egcloud\u003c/code\u003e, and grant it the "Identity Toolkit Admin" or "Project > Admin" role, along with creating a service account key.\u003c/p\u003e\n"],["\u003cp\u003eYou can initialize the Admin SDK in your server application using either default credentials or a service account key file, with examples provided for each supported language.\u003c/p\u003e\n"],["\u003cp\u003eMultiple app instances with unique configurations and authentication states can be created using the admin SDK.\u003c/p\u003e\n"]]],[],null,[]]
