You can use App Check to protect non-Google custom backend resources for
your app, like your own self-hosted backend. To do so, you'll need to do both of
the following:
Modify your app client to send an App Check token along with each request
to your backend, as described on this page.
To ensure your backend requests include a valid, unexpired, App Check token,
precede each request with a call to FirebaseAppCheck.GetAppCheckTokenAsync().
The App Check library will refresh the token if necessary.
Once you have a valid token, send it along with the request to your backend. The
specifics of how you accomplish this are up to you, but don't send
App Check tokens as part of URLs, including in query parameters, as this
makes them vulnerable to accidental leakage and interception. The recommended
approach is to send the token in a custom HTTP header.
For example:
voidCallApiExample(){FirebaseAppCheck.DefaultInstance.GetAppCheckToken(false).ContinueWithOnMainThread(task=>{if(!task.IsFaulted){// Got a valid App Check token. Include it in your own http calls.}});}
Was this helpful?
Recommended for you
About these recommendations
These recommendations help you find the content you are looking for. They may be based on the page you’re currently viewing and your account’s saved web and app activity.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-02-21 UTC."],[],[]]