What Google Cloud APIs should I open access for authentication, Firebase real-time database service and Speech to text API

[ghost]

I am trying to secure my Android application. It uses authentication provided by Google Firebase, I also store some information using Firebase Real-time database, and finally, the main functionality of the app relies on Speech-to-Text API provided also by Google.

I believe all these, can be restricted to one application (package name and app signature).

I have been playing the classic exclusion experiment, by enabling then disabling one API at a time, I couldn't find the right combination, nor any hint, any restriction yields a complete "UNAUTHORIZED" access.

The only option running now is not to restrict at all.

For what I tried already:

1. Firebase real-time database management API (enabled and disabled)
2. Cloud pub/sub API (I remember I saw this somewhere talking about Speech to text or Firebase but I am not sure!!)
3. Firebase management and Firebase installation APIs

Always with

• Cloud speech-to-text API

Without any restriction at all, all works greate, Authentication/database and speech-to-text; The project connects well with the only first App level connection by providing package name and application signature hash.