Firestore Security Rules - Check If Field Is A Valid Email Address

How can I verify if an incoming field is a valid e-mail? Is there a way to use string-functions or anything in Firestore security rules?


Let's say I have a Create-Request with a field called "email". In my Firestore security rules, I would like to check if the email is a valid email address:

  • contains '@'
  • ends with either .xx or .xxx (a casual country-domain-ending)
  • has a '.' before the last three or two letters of the email
  • the '.' does not follow directly after the '@' - at least two letters have to be in-between

So that e.g. [email protected] gets accepted, but not [email protected]

I know that this check is quite extensive and further would like to know if it makes sense to introduce such a validation to security rules?



You can use rules.String.matches.


Performs a regular expression match on the whole string.

A regular expression using Google RE2 syntax.

If you want to set only email address then It's necessary to validate the field as email address.