Stay organized with collections
Save and categorize content based on your preferences.
Generates a challenge that protects the integrity of an immediately following integrity verdict request to the Play Integrity API. The next call to apps.exchangePlayIntegrityToken using the resulting integrity token will verify the presence and validity of the challenge. A challenge should not be reused for multiple calls.
HTTP request
POST https://firebaseappcheck.googleapis.com/v1/{app=projects/*/apps/*}:generatePlayIntegrityChallenge
Required. The relative resource name of the app, in the format:
projects/{project_number}/apps/{app_id}
If necessary, the project_number element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
The duration from the time this challenge is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.
A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-04-05 UTC."],[],[],null,["# Method: projects.apps.generatePlayIntegrityChallenge\n\nGenerates a challenge that protects the integrity of an immediately following integrity verdict request to the Play Integrity API. The next call to [apps.exchangePlayIntegrityToken](/docs/reference/appcheck/rest/v1/projects.apps/exchangePlayIntegrityToken#google.firebase.appcheck.v1.TokenExchangeService.ExchangePlayIntegrityToken) using the resulting integrity token will verify the presence and validity of the challenge. A challenge should not be reused for multiple calls.\n\n### HTTP request\n\n`POST https://firebaseappcheck.googleapis.com/v1/{app=projects/*/apps/*}:generatePlayIntegrityChallenge`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n| Parameters ||\n|-------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `app` | `string` Required. The relative resource name of the app, in the format: projects/{project_number}/apps/{app_id} If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's [AIP 2510](https://google.aip.dev/cloud/2510) standard. |\n\n### Request body\n\nThe request body must be empty.\n\n### Response body\n\nResponse message for the [apps.generatePlayIntegrityChallenge](/docs/reference/appcheck/rest/v1/projects.apps/generatePlayIntegrityChallenge#google.firebase.appcheck.v1.TokenExchangeService.GeneratePlayIntegrityChallenge) method.\n\nIf successful, the response body contains data with the following structure:\n\n| JSON representation |\n|------------------------------------------------|\n| ``` { \"challenge\": string, \"ttl\": string } ``` |\n\n| Fields ||\n|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `challenge` | `string` A one-time use [challenge](https://developer.android.com/google/play/integrity/verdict#protect-against-replay-attacks) for the client to pass to the Play Integrity API. |\n| `ttl` | `string (`[Duration](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration)` format)` The duration from the time this challenge is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration. A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: `\"3.5s\"`. |\n\n### Authorization scopes\n\nRequires one of the following OAuth scopes:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n- `https://www.googleapis.com/auth/firebase`\n\nFor more information, see the [Authentication Overview](https://cloud.google.com/docs/authentication/)."]]
