I'm using Firebase in my iOS and web app to handle user authentication. I need to make sure a user is logged in before he can make any requests to my API. How would I accomplish such a thing with Firebase?

I'm thinking about using Kong - https://getkong.org - as a middleman for my API. Kong has a few options in relation to authenticating incoming requests - https://getkong.org/plugins. What would work with Firebase? JWT authentication? OAuth authentication? Key authentication?

Can you point me in the direction of a basic example? Or give me a basic overview of what I should be looking for?

I ended up authentication the users token server-side, like this:

https://gist.github.com/holgersindbaek/2cc55efd89517e21fbb52b4e95125003

Firebase can allow you to require that a user be logged in with a third party service, such as Google or Facebook, before they can take certain data operations. There's fairly comprehensive documentation from Firebase themselves: https://firebase.google.com/docs/auth/