google::
#include <integrity/models.h>
Params for requesting an integrity token.
Summary
See IntegrityClient::RequestIntegrityToken for more details.
Public attributes |
|
|---|---|
request_hash
|
const std::string
The hash of the request.
|
request_token_data
|
The integrity token request data.
|
Public attributes
request_hash
const std::string google::play::integrity::RequestIntegrityTokenParams::request_hash
The hash of the request.
Use this field to mitigate against tampering attacks.
For example, a game may want to report the player's score to the game's backend server, and your server wants to ensure this score has not been tampered with by a proxy server. The Play Integrity API returns the value you set in this field, inside the signed integrity response. Without the request_hash, the integrity token will be bound only to the device, but not to the specific request, which opens up the possibility of attack.
To mitigate this when you request an integrity verdict:
- Compute a digest of all relevant request parameters (e.g. SHA256 of a stable request serialization) from the user action or server request that is happening.
- Set the RequestIntegrityTokenParams::request_hash field to the digest.
request_token_data
RequestTokenData google::play::integrity::RequestIntegrityTokenParams::request_token_data
The integrity token request data.