I'm using firebase and i have a question. I'm generateing email reset link with firebase using generatePasswordResetLink function from firebase auth. This function send a generate an email and send it. Everyting is okay. But when i open the email and click the button for "reset password" the url contains oobCode, continueUrl and apiKey.
This apiKey is actully my firebase project apiKey and is it safe to be public like this? The generated url is like below
"https://<url>/reset-password?mode=resetPassword&oobCode=<oobcode>&apiKey=<ApiKey>&continueUrl=<continour Url>"
I just check but i couldn't find the answer
