Can context part of the Firebase https onCall function be manipulated or anyone can mimic the Api request to create the
