Method: projects.apps.generatePlayIntegrityChallenge

Generates a challenge that protects the integrity of an immediately following integrity verdict request to the Play Integrity API. The next call to apps.exchangePlayIntegrityToken using the resulting integrity token will verify the presence and validity of the challenge. A challenge should not be reused for multiple calls.

HTTP request

POST https://firebaseappcheck.googleapis.com/v1beta/{app=projects/*/apps/*}:generatePlayIntegrityChallenge

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
app

string

Required. The relative resource name of the app, in the format:

projects/{project_number}/apps/{app_id}

If necessary, the project_number element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.

Request body

The request body must be empty.

Response body

Response message for the apps.generatePlayIntegrityChallenge method.

If successful, the response body contains data with the following structure:

JSON representation
{
  "challenge": string,
  "ttl": string
}
Fields
challenge

string

A one-time use challenge for the client to pass to the Play Integrity API.

ttl

string (Duration format)

The duration from the time this challenge is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/firebase

For more information, see the Authentication Overview.