Check out what’s new from Firebase@ Google I/O 2021, and join our alpha program for early access to the new Remote Config personalization feature. Learn more

Enable App Check enforcement for Cloud Functions

To begin enforcing App Check token requirements in your callable Cloud Functions, modify your functions to check for valid App Check tokens.

Before you begin

Enable App Check in your iOS, Android, and Web clients.

Add App Check support to a function

  1. Update your project's firebase-functions dependency to version 3.14.0 or newer:

    npm install firebase-functions@">=3.14.0"
    

    And update your project's firebase-admin dependency to version 9.8.0 or newer:

    npm install firebase-admin@">=9.8.0"
    
  2. Add a check for context.app to your function. Your function should fail if context.app isn't defined.

    exports.yourCallableFunction = functions.https.onCall((data, context) => {
      // context.app will be undefined if the request doesn't include a valid
      // App Check token.
      if (context.app == undefined) {
        throw new functions.https.HttpsError(
            'failed-precondition',
            'The function must be called from an App Check verified app.')
      }
    
      // Your function logic follows.
    });
    
  3. Redeploy your functions:

    firebase deploy --only functions
    

Once these changes are deployed, your callable Cloud Functions will require valid App Check tokens. The Cloud Functions client SDKs automatically attach an App Check token when you invoke a callable function.