REST Resource: projects.apps.playIntegrityConfig

Resource: PlayIntegrityConfig

An app's Play Integrity configuration object. This configuration controls certain properties of the AppCheckToken returned by ExchangePlayIntegrityToken, such as its ttl.

Note that your registered SHA-256 certificate fingerprints are used to validate tokens issued by the Play Integrity API; please register them via the Firebase Console or programmatically via the Firebase Management Service.

JSON representation
{
  "name": string,
  "tokenTtl": string,
  "appIntegrity": {
    object (AppIntegrity)
  },
  "deviceIntegrity": {
    object (DeviceIntegrity)
  },
  "accountDetails": {
    object (AccountDetails)
  }
}
Fields
name

string

Required. The relative resource name of the Play Integrity configuration object, in the format:

projects/{project_number}/apps/{app_id}/playIntegrityConfig
tokenTtl

string (Duration format)

Specifies the duration for which App Check tokens exchanged from Play Integrity tokens will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

appIntegrity

object (AppIntegrity)

Specifies application integrity requirements for Android devices running your app.

These settings correspond to requirements on the application integrity field obtained from the Play Integrity API. See the default responses table for a quick summary.

The default values for these settings work for most apps, and are recommended.

deviceIntegrity

object (DeviceIntegrity)

Specifies device integrity requirements for Android devices running your app.

These settings correspond to requirements on the device integrity field obtained from the Play Integrity API. See the default responses table for a quick summary.

Warning: There are also conditional as well as optional responses that you can receive, but requires additional explicit opt-in from you. The App Check API is not responsible for any such opt-ins.

The default values for these settings work for most apps, and are recommended.

accountDetails

object (AccountDetails)

Specifies account requirements for Android devices running your app.

These settings correspond to requirements on the account details field obtained from the Play Integrity API. See the default responses table for a quick summary.

The default values for these settings work for most apps, and are recommended.

AppIntegrity

A settings object specifying application integrity requirements for Android devices running your app.

These settings correspond to requirements on the application integrity field obtained from the Play Integrity API. See the default responses table for a quick summary.

The default values for these settings work for most apps, and are recommended.

JSON representation
{
  "allowUnrecognizedVersion": boolean
}
Fields
allowUnrecognizedVersion

boolean

Specifies whether your running app is allowed to have the UNRECOGNIZED_VERSION app recognition verdict.

Note that the app recognition verdict PLAY_RECOGNIZED is a strong, comprehensive integrity signal that takes into account various other signals, including conditional and optional device integrity responses that you have opted into.

If your app is published off-Play, this field should be set to true to allow instances of your app installed from off-Play sources to function.

If set to false, only PLAY_RECOGNIZED verdicts are allowed, and both UNRECOGNIZED_VERSION and UNEVALUATED will be rejected. If set to true, any app recognition verdict is allowed. The default value is false.

DeviceIntegrity

A settings object specifying device integrity requirements for Android devices running your app.

These settings correspond to requirements on the device integrity field obtained from the Play Integrity API. See the default responses table for a quick summary.

Warning: There are also conditional as well as optional responses that you can receive, but requires additional explicit opt-in from you. The App Check API is not responsible for any such opt-ins.

The default values for these settings work for most apps, and are recommended.

JSON representation
{
  "minDeviceRecognitionLevel": enum (DeviceRecognitionLevel)
}
Fields
minDeviceRecognitionLevel

enum (DeviceRecognitionLevel)

Specifies the minimum device integrity level in order for the device to be considered valid. Any device with a device recognition verdict lower than this level will be rejected.

If this is unspecified, the default level is [NO_INTEGRITY][google.firebase.appcheck.v1.PlayIntegrityConfig.DeviceIntegritySettings.DeviceRecognitionLevel.NO_INTEGRITY].

DeviceRecognitionLevel

The possible levels of device recognition verdicts.

Enums
DEVICE_RECOGNITION_LEVEL_UNSPECIFIED Default value. Do not specify this value directly. When this default value is detected in a configuration, the [NO_INTEGRITY][google.firebase.appcheck.v1.PlayIntegrityConfig.DeviceIntegritySettings.DeviceRecognitionLevel.NO_INTEGRITY] default level takes effect.
NO_INTEGRITY

If this level is set, no explicit device integrity label requirements will be checked.

However, because Play Integrity's other features may perform (and require) their own intrinsic device integrity checks, your appIntegrity and accountDetails settings may still cause some device integrity checks to be performed.

MEETS_BASIC_INTEGRITY

This level corresponds to the MEETS_BASIC_INTEGRITY optional device recognition label.

This value represents the most basic level of device integrity, and is the minimum allowed in App Check's standard implementation of Play Integrity.

Warning: Because this is an optional response, you must first explicitly opt in your app in the Play Console in order to receive this label. Without this opt-in, your app may break for any user whose device is eligible for MEETS_BASIC_INTEGRITY but not MEETS_DEVICE_INTEGRITY. This API is not responsible for any such opt-ins.

MEETS_DEVICE_INTEGRITY

This level corresponds to the MEETS_DEVICE_INTEGRITY device recognition verdict. Any app integrated with Play Integrity will automatically be eligible to receive this label without any additional action from you.

At this level, devices that have the MEETS_BASIC_INTEGRITY label but not the MEETS_DEVICE_INTEGRITY label will be rejected.

MEETS_STRONG_INTEGRITY

This level corresponds to the MEETS_STRONG_INTEGRITY optional device recognition label.

This value represents the highest level of device integrity. At this level, devices that have the MEETS_BASIC_INTEGRITY or MEETS_DEVICE_INTEGRITY but not the MEETS_STRONG_INTEGRITY label will be rejected.

Warning: Because this is an optional response, you must first explicitly opt in your app in the Play Console in order to receive this label. Without this opt-in, your app may break for any user whose device is eligible for MEETS_STRONG_INTEGRITY. This API is not responsible for any such opt-ins.

AccountDetails

A settings object specifying account requirements for Android devices running your app.

These settings correspond to requirements on the account details field obtained from the Play Integrity API. See the default responses table for a quick summary.

The default values for these settings work for most apps, and are recommended.

JSON representation
{
  "requireLicensed": boolean
}
Fields
requireLicensed

boolean

Specifies whether the caller must have received the LICENSED verdict. For additional details about scenarios where your users will receive this LICENSED label, see the default responses table.

If set to true, apps without the LICENSED app licensing verdict will be rejected. If set to false, any app licensing verdict is allowed. The default value is false.

Methods

batchGet

Atomically gets the PlayIntegrityConfigs for the specified list of apps.

get

Gets the PlayIntegrityConfig for the specified app.

patch

Updates the PlayIntegrityConfig for the specified app.