FirebaseAppCheck
import { FirebaseAppCheck } from "https://googleapis.deno.dev/v1/firebaseappcheck:v1.ts";
Firebase App Check works alongside other Firebase services to help protect your backend resources from abuse, such as billing fraud or phishing.
§Methods
Returns a public JWK set as specified by RFC 7517 that can be used to verify App Check tokens. Exactly one of the public keys in the returned set will successfully validate any App Check token that is currently valid.
Required. The relative resource name to the public JWK set. Must always be exactly the string jwks
.
Atomically gets the AppAttestConfigs for the specified list of apps.
Required. The parent project name shared by all AppAttestConfigs being retrieved, in the format projects/{project_number}
The parent collection in the name
field of any resource being retrieved must match this field, or the entire batch fails.
Gets the AppAttestConfig for the specified app.
Required. The relative resource name of the AppAttestConfig, in the format: projects/{project_number}/apps/{app_id}/appAttestConfig
Updates the AppAttestConfig for the specified app. While this configuration is incomplete or invalid, the app will be unable to exchange AppAttest tokens for App Check tokens.
Required. The relative resource name of the App Attest configuration object, in the format: projects/{project_number}/apps/{app_id}/appAttestConfig
Creates a new DebugToken for the specified app. For security reasons,
after the creation operation completes, the token
field cannot be updated
or retrieved, but you can revoke the debug token using DeleteDebugToken.
Each app can have a maximum of 20 debug tokens.
Required. The relative resource name of the parent app in which the specified DebugToken will be created, in the format: projects/{project_number}/apps/{app_id}
Deletes the specified DebugToken. A deleted debug token cannot be used to
exchange for an App Check token. Use this method when you suspect the
secret token
has been compromised or when you no longer need the debug
token.
Required. The relative resource name of the DebugToken to delete, in the format: projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id}
Gets the specified DebugToken. For security reasons, the token
field is
never populated in the response.
Required. The relative resource name of the debug token, in the format: projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id}
Lists all DebugTokens for the specified app. For security reasons, the
token
field is never populated in the response.
Required. The relative resource name of the parent app for which to list each associated DebugToken, in the format: projects/{project_number}/apps/{app_id}
Updates the specified DebugToken. For security reasons, the token
field
cannot be updated, nor will it be populated in the response, but you can
revoke the debug token using DeleteDebugToken.
Required. The relative resource name of the debug token, in the format: projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id}
Atomically gets the DeviceCheckConfigs for the specified list of apps. For
security reasons, the private_key
field is never populated in the
response.
Required. The parent project name shared by all DeviceCheckConfigs being retrieved, in the format projects/{project_number}
The parent collection in the name
field of any resource being retrieved must match this field, or the entire batch fails.
Gets the DeviceCheckConfig for the specified app. For security reasons,
the private_key
field is never populated in the response.
Required. The relative resource name of the DeviceCheckConfig, in the format: projects/{project_number}/apps/{app_id}/deviceCheckConfig
Updates the DeviceCheckConfig for the specified app. While this
configuration is incomplete or invalid, the app will be unable to exchange
DeviceCheck tokens for App Check tokens. For security reasons, the
private_key
field is never populated in the response.
Required. The relative resource name of the DeviceCheck configuration object, in the format: projects/{project_number}/apps/{app_id}/deviceCheckConfig
Accepts an App Attest assertion and an artifact previously obtained from ExchangeAppAttestAttestation and verifies those with Apple. If valid, returns an AppCheckToken.
Required. The relative resource name of the iOS app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Accepts an App Attest CBOR attestation and verifies it with Apple using your preconfigured team and bundle IDs. If valid, returns an attestation artifact that can later be exchanged for an AppCheckToken using ExchangeAppAttestAssertion. For convenience and performance, this method's response object will also contain an AppCheckToken (if the verification is successful).
Required. The relative resource name of the iOS app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Validates a custom token signed using your project's Admin SDK service account credentials. If valid, returns an AppCheckToken.
Required. The relative resource name of the app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Validates a debug token secret that you have previously created using CreateDebugToken. If valid, returns an AppCheckToken. Note that a restrictive quota is enforced on this method to prevent accidental exposure of the app to abuse.
Required. The relative resource name of the app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Accepts a
device_token
issued by DeviceCheck, and attempts to validate it with Apple. If valid,
returns an AppCheckToken.
Required. The relative resource name of the iOS app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Validates an integrity verdict response token from Play Integrity. If valid, returns an AppCheckToken.
Required. The relative resource name of the Android app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Validates a reCAPTCHA Enterprise response token. If valid, returns an AppCheckToken.
Required. The relative resource name of the web app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Validates a reCAPTCHA v3 response token. If valid, returns an AppCheckToken.
Required. The relative resource name of the web app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Validates a SafetyNet token. If valid, returns an AppCheckToken.
Required. The relative resource name of the Android app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Generates a challenge that protects the integrity of an immediately following call to ExchangeAppAttestAttestation or ExchangeAppAttestAssertion. A challenge should not be reused for multiple calls.
Required. The relative resource name of the iOS app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Generates a challenge that protects the integrity of an immediately following integrity verdict request to the Play Integrity API. The next call to ExchangePlayIntegrityToken using the resulting integrity token will verify the presence and validity of the challenge. A challenge should not be reused for multiple calls.
Required. The relative resource name of the app, in the format: projects/{project_number}/apps/{app_id}
If necessary, the project_number
element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's AIP 2510 standard.
Atomically gets the PlayIntegrityConfigs for the specified list of apps.
Required. The parent project name shared by all PlayIntegrityConfigs being retrieved, in the format projects/{project_number}
The parent collection in the name
field of any resource being retrieved must match this field, or the entire batch fails.
Gets the PlayIntegrityConfig for the specified app.
Required. The relative resource name of the PlayIntegrityConfig, in the format: projects/{project_number}/apps/{app_id}/playIntegrityConfig
Updates the PlayIntegrityConfig for the specified app. While this configuration is incomplete or invalid, the app will be unable to exchange Play Integrity tokens for App Check tokens.
Required. The relative resource name of the Play Integrity configuration object, in the format: projects/{project_number}/apps/{app_id}/playIntegrityConfig
Atomically gets the RecaptchaEnterpriseConfigs for the specified list of apps.
Required. The parent project name shared by all RecaptchaEnterpriseConfigs being retrieved, in the format projects/{project_number}
The parent collection in the name
field of any resource being retrieved must match this field, or the entire batch fails.
Gets the RecaptchaEnterpriseConfig for the specified app.
Required. The relative resource name of the RecaptchaEnterpriseConfig, in the format: projects/{project_number}/apps/{app_id}/recaptchaEnterpriseConfig
Updates the RecaptchaEnterpriseConfig for the specified app. While this configuration is incomplete or invalid, the app will be unable to exchange reCAPTCHA Enterprise tokens for App Check tokens.
Required. The relative resource name of the reCAPTCHA Enterprise configuration object, in the format: projects/{project_number}/apps/{app_id}/recaptchaEnterpriseConfig
Atomically gets the RecaptchaV3Configs for the specified list of apps. For
security reasons, the site_secret
field is never populated in the
response.
Required. The parent project name shared by all RecaptchaV3Configs being retrieved, in the format projects/{project_number}
The parent collection in the name
field of any resource being retrieved must match this field, or the entire batch fails.
Gets the RecaptchaV3Config for the specified app. For security reasons,
the site_secret
field is never populated in the response.
Required. The relative resource name of the RecaptchaV3Config, in the format: projects/{project_number}/apps/{app_id}/recaptchaV3Config
Updates the RecaptchaV3Config for the specified app. While this
configuration is incomplete or invalid, the app will be unable to exchange
reCAPTCHA tokens for App Check tokens. For security reasons, the
site_secret
field is never populated in the response.
Required. The relative resource name of the reCAPTCHA v3 configuration object, in the format: projects/{project_number}/apps/{app_id}/recaptchaV3Config
Atomically gets the SafetyNetConfigs for the specified list of apps.
Required. The parent project name shared by all SafetyNetConfigs being retrieved, in the format projects/{project_number}
The parent collection in the name
field of any resource being retrieved must match this field, or the entire batch fails.
Gets the SafetyNetConfig for the specified app.
Required. The relative resource name of the SafetyNetConfig, in the format: projects/{project_number}/apps/{app_id}/safetyNetConfig
Updates the SafetyNetConfig for the specified app. While this configuration is incomplete or invalid, the app will be unable to exchange SafetyNet tokens for App Check tokens.
Required. The relative resource name of the SafetyNet configuration object, in the format: projects/{project_number}/apps/{app_id}/safetyNetConfig
Atomically updates the specified Service configurations.
Required. The parent project name shared by all Service configurations being updated, in the format projects/{project_number}
The parent collection in the name
field of any resource being updated must match this field, or the entire batch fails.
Gets the Service configuration for the specified service name.
Required. The relative resource name of the Service to retrieve, in the format: projects/{project_number}/services/{service_id}
Note that the service_id
element must be a supported service ID. Currently, the following service IDs are supported: * firebasestorage.googleapis.com
(Cloud Storage for Firebase) * firebasedatabase.googleapis.com
(Firebase Realtime Database) * firestore.googleapis.com
(Cloud Firestore)
Lists all Service configurations for the specified project. Only Services which were explicitly configured using UpdateService or BatchUpdateServices will be returned.
Required. The relative resource name of the parent project for which to list each associated Service, in the format: projects/{project_number}
Updates the specified Service configuration.
Required. The relative resource name of the service configuration object, in the format: projects/{project_number}/services/{service_id}
Note that the service_id
element must be a supported service ID. Currently, the following service IDs are supported: * firebasestorage.googleapis.com
(Cloud Storage for Firebase) * firebasedatabase.googleapis.com
(Firebase Realtime Database) * firestore.googleapis.com
(Cloud Firestore)