Method: projects.apps.generateAppAttestChallenge

Generates a challenge that protects the integrity of an immediately following call to apps.exchangeAppAttestAttestation or apps.exchangeAppAttestAssertion. A challenge should not be reused for multiple calls.

HTTP request

POST https://firebaseappcheck.googleapis.com/v1/{app=projects/*/apps/*}:generateAppAttestChallenge

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`app`	`string` Required. The relative resource name of the iOS app, in the format: `projects/{project_number}/apps/{app_id}` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.

app

string

Required. The relative resource name of the iOS app, in the format:

projects/{project_number}/apps/{app_id}

If necessary, the project_number element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.

Request body

The request body must be empty.

Response body

Response message for the apps.generateAppAttestChallenge method.

If successful, the response body contains data with the following structure:

JSON representation
{ "challenge": string, "ttl": string }

Fields

Fields
`challenge`	`string (bytes format)` A one-time use challenge for the client to pass to the App Attest API. A base64-encoded string.
`ttl`	`string (Duration format)` The duration from the time this challenge is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration. A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: `"3.5s"`.

challenge

string (bytes format)

A one-time use challenge for the client to pass to the App Attest API.

A base64-encoded string.

ttl

string (Duration format)

The duration from the time this challenge is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/firebase

For more information, see the Authentication Overview.