Protect your backend APIs

Safeguard your API resources by preventing unauthorized clients from accessing your backend resources. It works with both Google services and your own APIs.

Protection for your app's data and users

App Check is an additional layer of security that helps protect access to your services by attesting that incoming traffic is authentically coming from your app, and blocking traffic that has not been attested. It helps protect your backend from abuse, such as billing fraud, phishing, app impersonation, and data poisoning.


Android, iOS, web, and custom platforms supported

App Check supports Android, iOS, and web out of the box. For customers that want to support more platforms, you can integrate your own attestation provider with App Check's custom capabilities.

Works with Google backends, or your own

App Check works with Google products, like Cloud Firestore, Realtime Database, Cloud Storage for Firebase, Cloud Functions for Firebase, Cloud Run, Apigee, Google Identity, or your own custom API endpoints.


Fast, flexible, and reliable

App Check complements existing security solutions like Firebase Auth and Security Rules to provide even stronger security. With a convenient UI and SDKs for Android, iOS, web, Unity, and C++, you can get App Check running with just two lines of code. Easily monitor traffic and decide exactly when to turn on enforcement for each Google service. Use session-based tokens with a customizable TTL to balance latency and security, or use limited-use tokens to ensure every request to your custom backend is freshly attested. App Check is certified under major compliance and security standards.


Learn more about Authentication through our documentation.


No-Cost, subject to quotas and limits that vary based on attestation provider.