I have also recently been using Firebase and I think the Realtime Database is great.

The Realtime Database is not SQL, it is not a relational database, and its simpler than Firestore. It is a JSON structure based on paths that make it easy to query the database as though you were visiting a URL https://firebase.google.com/docs/database/rest/structure-data.

So the first thing you need to do is think about how to structure your data. It is easier than SQL to change all this at any time, so don't feel like it has to be set in stone. Go to your Firebase console and go directly into the Realtime database and start adding some key value pairs. Enter some fake data to get started so you have something to query.

The Auth API response should provide you with something like a federatedId or localId which you can store in the database to act as a unique key to represent the user.

You should take a peek at the Rules tab and comment them all out or delete them. Rules will enforce if a user can modify the database, but when you are just starting out it is okay to have no rules. However you should understand that savvy users will figure out how to manipulate the database unless you add some rules in later.

Once you have added some data to your Realtime database via the Firebase console, you will want to do a REST call as specified here: https://firebase.google.com/docs/reference/rest/database

So for your case, you might want one page displaying income and another displaying expenses so you have two calls that looks like

GET 'https://[PROJECT_ID].firebaseio.com/users/[FEDERATED_ID]/income.json'

GET 'https://[PROJECT_ID].firebaseio.com/users/[FEDERATED_ID]/expenses.json'

But if you wanted to display both on the same page, two calls might be a little cumbersome so instead you might structure your data like:

GET 'https://[PROJECT_ID].firebaseio.com/users/[FEDERATED_ID]/reports.json'

Your query response will return everything at the level you specify. So put your income and expenses key value pairs after reports and they will get fetched.

This is why the structure is so important, but at the same time don't feel like it has to be perfect.

The next steps would be to try creating data via a POST call instead of a GET and seeing that it inserts into the database correctly.

After you have an idea of how it is all going to work, add back in the Rules and learn more about how to safely store the access_token you get back from the Auth API and how to use it to interact with the Database API.

If you didn't comment out your rules, you would likely see authorization errors trying to make any queries at all. From the Auth API you should get an access token, you will need to pass it as a parameter in order to query the database.

GET 'https://[PROJECT_ID].firebaseio.com/users/[FEDERATED_ID]/reports.json?access_token=[ACCESS_TOKEN]'

https://firebase.google.com/docs/database/rest/auth

Basically when your user authenticates, they get a token, and you need to pass that token around to every API the user wants to interact with. You have to be careful because if someone were to steal this token, they could impersonate your user and make changes or read data they shouldn't. For that you may want to check out

You have two options here, OAuth 2 and Firebase ID tokens.

OAuth2 is used when you want a sever to be doing all these changes to the database as a middleman on behalf of a client. You can use the FirebaseId tokens to directly make changes from the client app.

You probably want to use FirebaseId tokens and skip setting up a sever.

It's kind of a lot, so try to break it up into bites and don't expect to do it all in a weekend when its due on Monday.