blob: a3f27b3bf1e92632df10659762576934520e0dfe [file] [log] [blame]
body, h1, h2, h3, div, span, p, pre, a {
margin: 0;
padding: 0;
border: 0;
font-weight: inherit;
font-style: inherit;
font-size: 100%;
font-family: inherit;
vertical-align: baseline;
body {
font-size: 13px;
padding: 1em;
h1 {
font-size: 26px;
margin-bottom: 1em;
h2 {
font-size: 24px;
margin-bottom: 1em;
h3 {
font-size: 20px;
margin-bottom: 1em;
margin-top: 1em;
pre, code {
line-height: 1.5;
font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
pre {
margin-top: 0.5em;
h1, h2, h3, p {
font-family: Arial, sans serif;
h1, h2, h3 {
border-bottom: solid #CCC 1px;
.toc_element {
margin-top: 0.5em;
.firstline {
margin-left: 2 em;
.method {
margin-top: 1em;
border: solid 1px #CCC;
padding: 1em;
background: #EEE;
.details {
font-weight: bold;
font-size: 14px;
<h1><a href="firebaseappcheck_v1beta.html">Firebase App Check API</a> . <a href="firebaseappcheck_v1beta.projects.html">projects</a> . <a href="firebaseappcheck_v1beta.projects.apps.html">apps</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
<code><a href="firebaseappcheck_v1beta.projects.apps.appAttestConfig.html">appAttestConfig()</a></code>
<p class="firstline">Returns the appAttestConfig Resource.</p>
<p class="toc_element">
<code><a href="firebaseappcheck_v1beta.projects.apps.debugTokens.html">debugTokens()</a></code>
<p class="firstline">Returns the debugTokens Resource.</p>
<p class="toc_element">
<code><a href="firebaseappcheck_v1beta.projects.apps.deviceCheckConfig.html">deviceCheckConfig()</a></code>
<p class="firstline">Returns the deviceCheckConfig Resource.</p>
<p class="toc_element">
<code><a href="firebaseappcheck_v1beta.projects.apps.recaptchaConfig.html">recaptchaConfig()</a></code>
<p class="firstline">Returns the recaptchaConfig Resource.</p>
<p class="toc_element">
<code><a href="firebaseappcheck_v1beta.projects.apps.safetyNetConfig.html">safetyNetConfig()</a></code>
<p class="firstline">Returns the safetyNetConfig Resource.</p>
<p class="toc_element">
<code><a href="#close">close()</a></code></p>
<p class="firstline">Close httplib2 connections.</p>
<p class="toc_element">
<code><a href="#exchangeAppAttestAssertion">exchangeAppAttestAssertion(app, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Accepts a AppAttest Artifact and Assertion, and uses the developer's preconfigured auth token to verify the token with Apple. Returns an AttestationToken with the App ID as specified by the `app` field included as attested claims.</p>
<p class="toc_element">
<code><a href="#exchangeAppAttestAttestation">exchangeAppAttestAttestation(app, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Accepts a AppAttest CBOR Attestation, and uses the developer's preconfigured team and bundle IDs to verify the token with Apple. Returns an Attestation Artifact that can later be exchanged for an AttestationToken in ExchangeAppAttestAssertion.</p>
<p class="toc_element">
<code><a href="#exchangeCustomToken">exchangeCustomToken(app, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Validates a custom token signed using your project's Admin SDK service account credentials. If valid, returns an App Check token encapsulated in an AttestationTokenResponse.</p>
<p class="toc_element">
<code><a href="#exchangeDebugToken">exchangeDebugToken(app, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Validates a debug token secret that you have previously created using CreateDebugToken. If valid, returns an App Check token encapsulated in an AttestationTokenResponse. Note that a restrictive quota is enforced on this method to prevent accidental exposure of the app to abuse.</p>
<p class="toc_element">
<code><a href="#exchangeDeviceCheckToken">exchangeDeviceCheckToken(app, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Accepts a [`device_token`]( issued by DeviceCheck, and attempts to validate it with Apple. If valid, returns an App Check token encapsulated in an AttestationTokenResponse.</p>
<p class="toc_element">
<code><a href="#exchangeRecaptchaToken">exchangeRecaptchaToken(app, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Validates a [reCAPTCHA v3 response token]( If valid, returns an App Check token encapsulated in an AttestationTokenResponse.</p>
<p class="toc_element">
<code><a href="#exchangeSafetyNetToken">exchangeSafetyNetToken(app, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Validates a [SafetyNet token]( If valid, returns an App Check token encapsulated in an AttestationTokenResponse.</p>
<p class="toc_element">
<code><a href="#generateAppAttestChallenge">generateAppAttestChallenge(app, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Initiates the App Attest flow by generating a challenge which will be used as a type of nonce for this attestation.</p>
<h3>Method Details</h3>
<div class="method">
<code class="details" id="close">close()</code>
<pre>Close httplib2 connections.</pre>
<div class="method">
<code class="details" id="exchangeAppAttestAssertion">exchangeAppAttestAssertion(app, body=None, x__xgafv=None)</code>
<pre>Accepts a AppAttest Artifact and Assertion, and uses the developer&#x27;s preconfigured auth token to verify the token with Apple. Returns an AttestationToken with the App ID as specified by the `app` field included as attested claims.
app: string, Required. The full resource name to the iOS App. Format: &quot;projects/{project_id}/apps/{app_id}&quot; (required)
body: object, The request body.
The object takes the form of:
{ # Request message for ExchangeAppAttestAssertion
&quot;artifact&quot;: &quot;A String&quot;, # The artifact previously returned by ExchangeAppAttestAttestation.
&quot;assertion&quot;: &quot;A String&quot;, # The CBOR encoded assertion provided by the Apple App Attest SDK.
&quot;challenge&quot;: &quot;A String&quot;, # A one time challenge returned by GenerateAppAttestChallenge.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
An object of the form:
{ # Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check.
&quot;attestationToken&quot;: &quot;A String&quot;, # An App Check token. App Check tokens are signed [JWTs]( containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check.
&quot;ttl&quot;: &quot;A String&quot;, # The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.
<div class="method">
<code class="details" id="exchangeAppAttestAttestation">exchangeAppAttestAttestation(app, body=None, x__xgafv=None)</code>
<pre>Accepts a AppAttest CBOR Attestation, and uses the developer&#x27;s preconfigured team and bundle IDs to verify the token with Apple. Returns an Attestation Artifact that can later be exchanged for an AttestationToken in ExchangeAppAttestAssertion.
app: string, Required. The full resource name to the iOS App. Format: &quot;projects/{project_id}/apps/{app_id}&quot; (required)
body: object, The request body.
The object takes the form of:
{ # Request message for ExchangeAppAttestAttestation
&quot;attestationStatement&quot;: &quot;A String&quot;, # The App Attest statement as returned by Apple&#x27;s client-side App Attest API. This is the CBOR object returned by Apple, which will be Base64 encoded in the JSON API.
&quot;challenge&quot;: &quot;A String&quot;, # The challenge previously generated by the FAC backend.
&quot;keyId&quot;: &quot;A String&quot;, # The key ID generated by App Attest for the client app.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
An object of the form:
{ # Response message for ExchangeAppAttestAttestation and ExchangeAppAttestDebugAttestation
&quot;artifact&quot;: &quot;A String&quot;, # An artifact that should be passed back during the Assertion flow.
&quot;attestationToken&quot;: { # Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check. # An attestation token which can be used to access Firebase APIs.
&quot;attestationToken&quot;: &quot;A String&quot;, # An App Check token. App Check tokens are signed [JWTs]( containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check.
&quot;ttl&quot;: &quot;A String&quot;, # The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.
<div class="method">
<code class="details" id="exchangeCustomToken">exchangeCustomToken(app, body=None, x__xgafv=None)</code>
<pre>Validates a custom token signed using your project&#x27;s Admin SDK service account credentials. If valid, returns an App Check token encapsulated in an AttestationTokenResponse.
app: string, Required. The relative resource name of the app, in the format: ``` projects/{project_number}/apps/{app_id} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google&#x27;s [AIP 2510]( standard. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for the ExchangeCustomToken method.
&quot;customToken&quot;: &quot;A String&quot;, # A custom token signed using your project&#x27;s Admin SDK service account credentials.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
An object of the form:
{ # Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check.
&quot;attestationToken&quot;: &quot;A String&quot;, # An App Check token. App Check tokens are signed [JWTs]( containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check.
&quot;ttl&quot;: &quot;A String&quot;, # The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.
<div class="method">
<code class="details" id="exchangeDebugToken">exchangeDebugToken(app, body=None, x__xgafv=None)</code>
<pre>Validates a debug token secret that you have previously created using CreateDebugToken. If valid, returns an App Check token encapsulated in an AttestationTokenResponse. Note that a restrictive quota is enforced on this method to prevent accidental exposure of the app to abuse.
app: string, Required. The relative resource name of the app, in the format: ``` projects/{project_number}/apps/{app_id} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google&#x27;s [AIP 2510]( standard. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for the ExchangeDebugToken method.
&quot;debugToken&quot;: &quot;A String&quot;, # A debug token secret. This string must match a debug token secret previously created using CreateDebugToken.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
An object of the form:
{ # Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check.
&quot;attestationToken&quot;: &quot;A String&quot;, # An App Check token. App Check tokens are signed [JWTs]( containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check.
&quot;ttl&quot;: &quot;A String&quot;, # The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.
<div class="method">
<code class="details" id="exchangeDeviceCheckToken">exchangeDeviceCheckToken(app, body=None, x__xgafv=None)</code>
<pre>Accepts a [`device_token`]( issued by DeviceCheck, and attempts to validate it with Apple. If valid, returns an App Check token encapsulated in an AttestationTokenResponse.
app: string, Required. The relative resource name of the iOS app, in the format: ``` projects/{project_number}/apps/{app_id} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google&#x27;s [AIP 2510]( standard. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for the ExchangeDeviceCheckToken method.
&quot;deviceToken&quot;: &quot;A String&quot;, # The `device_token` as returned by Apple&#x27;s client-side [DeviceCheck API]( This is the Base64 encoded `Data` (Swift) or `NSData` (ObjC) object.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
An object of the form:
{ # Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check.
&quot;attestationToken&quot;: &quot;A String&quot;, # An App Check token. App Check tokens are signed [JWTs]( containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check.
&quot;ttl&quot;: &quot;A String&quot;, # The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.
<div class="method">
<code class="details" id="exchangeRecaptchaToken">exchangeRecaptchaToken(app, body=None, x__xgafv=None)</code>
<pre>Validates a [reCAPTCHA v3 response token]( If valid, returns an App Check token encapsulated in an AttestationTokenResponse.
app: string, Required. The relative resource name of the web app, in the format: ``` projects/{project_number}/apps/{app_id} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google&#x27;s [AIP 2510]( standard. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for the ExchangeRecaptchaToken method.
&quot;recaptchaToken&quot;: &quot;A String&quot;, # The reCAPTCHA token as returned by the [reCAPTCHA v3 JavaScript API](
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
An object of the form:
{ # Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check.
&quot;attestationToken&quot;: &quot;A String&quot;, # An App Check token. App Check tokens are signed [JWTs]( containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check.
&quot;ttl&quot;: &quot;A String&quot;, # The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.
<div class="method">
<code class="details" id="exchangeSafetyNetToken">exchangeSafetyNetToken(app, body=None, x__xgafv=None)</code>
<pre>Validates a [SafetyNet token]( If valid, returns an App Check token encapsulated in an AttestationTokenResponse.
app: string, Required. The relative resource name of the Android app, in the format: ``` projects/{project_number}/apps/{app_id} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google&#x27;s [AIP 2510]( standard. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for the ExchangeSafetyNetToken method.
&quot;safetyNetToken&quot;: &quot;A String&quot;, # The [SafetyNet attestation response]( issued to your app.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
An object of the form:
{ # Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check.
&quot;attestationToken&quot;: &quot;A String&quot;, # An App Check token. App Check tokens are signed [JWTs]( containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check.
&quot;ttl&quot;: &quot;A String&quot;, # The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.
<div class="method">
<code class="details" id="generateAppAttestChallenge">generateAppAttestChallenge(app, body=None, x__xgafv=None)</code>
<pre>Initiates the App Attest flow by generating a challenge which will be used as a type of nonce for this attestation.
app: string, Required. The full resource name to the iOS App. Format: &quot;projects/{project_id}/apps/{app_id}&quot; (required)
body: object, The request body.
The object takes the form of:
{ # Request message for GenerateAppAttestChallenge
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
An object of the form:
{ # Response object for GenerateAppAttestChallenge
&quot;challenge&quot;: &quot;A String&quot;, # A one time use challenge for the client to pass to Apple&#x27;s App Attest API.
&quot;ttl&quot;: &quot;A String&quot;, # The duration from the time this challenge is minted until it is expired. This field is intended to ease client-side token management, since the device may have clock skew, but is still able to accurately measure a duration. This expiration is intended to minimize the replay window within which a single challenge may be reused. See AIP 142 for naming of this field.