FireBase is a Google service which provides database access via an API. There are subcategories of services that are integrated with FireBase such as FireBase Messages. A lot of iOS apps use this service and store sensitive information, such as API keys and URLs in plist files usually named GoogleService-Info.plist or similar.
Copy Richards-iPad:/var/containers/Bundle/Application root# find . -iname "Google*.plist"
./40D41454-C236-4788-B31E-D50C4A5A7625/NewDay.app/GoogleService-Info.plist
./90413EA2-23BE-4813-8DEC-1D435253CC3D/Anywhere.app/GoogleService-Info.plist
./6AB7C202-E61D-4426-A9F3-974CB06D04AA/OneTalk.app/GoogleService-Info.plist
./B49DE46C-19E8-43EE-B507-5616E8E519F5/Dominos.app/GoogleService-Info.plist
./927CDE80-4F16-49FB-8F79-6DFD9FC15EFE/HomeRunHKNews.app/GoogleService-Info.plist
./EAFF5668-10E4-450A-B066-CD6C0AAAF2DA/App.app/GoogleService-Info.plist
./AD6BD99D-5814-4E98-BBF7-6C4C812E1E2F/Giggle.app/GoogleService-Info.plist
./F8EAC32F-16E2-4998-A881-7FAF0852A911/RollyLegs.app/GoogleService-Info.plist
./5A63614C-56DD-4C97-8173-DBBA7758BDCB/KFC.app/GoogleService-Info-release.plist
<snipped>
It is possible to test the FireBase Messaging API with the following curl command replacing the API key with the one found in the plist.
Copy curl -s -XPOST -H 'content-type: application/json' -d '{"token":":custom_token","returnSecureToken":True}' 'https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=:api_key'
Copy curl -s -XPOST -H 'content-type: application/json' -d '{"idToken":":id_token"}'
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken?key=:api_key
'