google::play::integrity::IntegrityClient

#include <integrity/client.h>

Entrypoint for the Google Play Integrity API.

Summary

The Play Integrity API helps you check that interactions and server requests are coming from a genuine PC device. By detecting potentially risky and fraudulent interactions, your app’s backend server can respond with appropriate actions to prevent attacks and reduce abuse.

Constructors and Destructors
IntegrityClient()
~IntegrityClient()

Public functions
PrepareIntegrityToken(const PrepareIntegrityTokenParams & params, PrepareIntegrityTokenContinuation continuation)
void
Warms up the Play Integrity API for requesting integrity tokens.
RequestIntegrityToken(const RequestIntegrityTokenParams & params, RequestIntegrityTokenContinuation continuation)
void
Requests an integrity token using a RequestTokenData obtained from a successful PrepareIntegrityToken call.

Public functions

IntegrityClient

 IntegrityClient()

PrepareIntegrityToken

void PrepareIntegrityToken(
  const PrepareIntegrityTokenParams & params,
  PrepareIntegrityTokenContinuation continuation
)

Warms up the Play Integrity API for requesting integrity tokens.

Before requesting an integrity token (see RequestIntegrityToken), you must prepare (or "warm up") the Play Integrity API. This allows Google Play to intelligently cache partial attestation information on the device in order to decrease the latency on the critical path when you make a request for an integrity verdict.

On success, the continuation will be called with a PrepareIntegrityTokenResultValue containing a RequestTokenData that should be used to request an integrity token. This data should be cached in-memory and reused for the duration of the application's session for calls to RequestIntegrityToken.

Only if your application determines that it is necessary to entirely revaluate the integrity verdict should a call to PrepareIntegrityToken be made.

Details
Parameters
params
Parameters containing a Google Cloud project number.
continuation
The async callback to return the integrity token provider to.

RequestIntegrityToken

void RequestIntegrityToken(
  const RequestIntegrityTokenParams & params,
  RequestIntegrityTokenContinuation continuation
)

Requests an integrity token using a RequestTokenData obtained from a successful PrepareIntegrityToken call.

Integrity tokens are a mechanism for your application to verify the device is not tampered with. For example, your backend server can use the integrity token to verify:

  • Genuine device: Determine whether your application is running on a genuine device that contains a genuine instance of Google Play Games for PC and not tampered with.

When you're checking a user action in your app with the Play Integrity API, you can leverage the RequestIntegrityTokenParams::request_hash field to mitigate against tampering attacks.

For example, a game may want to report the player's score to the game's backend server, and your server wants to ensure this score has not been tampered with by a proxy server. The Play Integrity API returns the value you set in this field, inside the signed integrity response. Without the requestHash, the integrity token will be bound only to the device, but not to the specific request, which opens up the possibility of attack.

To mitigate this when you request an integrity verdict:

  • Compute a digest of all relevant request parameters (e.g. SHA256 of a stable request serialization) from the user action or server request that is happening.
  • Set the RequestIntegrityTokenParams::request_hash field to the digest.

Details
Parameters
params
Parameters containing the prepared RequestTokenData and integrity check request hash.
continuation
The async callback to return the data to.

~IntegrityClient

 ~IntegrityClient()