Stay organized with collections
Save and categorize content based on your preferences.
google::play::integrity::RequestIntegrityTokenParams
#include <integrity/models.h>
Params for requesting an integrity token.
Summary
See IntegrityClient::RequestIntegrityToken for more details.
Public attributes
request_hash
const std::string google::play::integrity::RequestIntegrityTokenParams::request_hash
The hash of the request.
Use this field to mitigate against tampering attacks.
For example, a game may want to report the player's score to the game's backend server, and your server wants to ensure this score has not been tampered with by a proxy server. The Play Integrity API returns the value you set in this field, inside the signed integrity response. Without the request_hash, the integrity token will be bound only to the device, but not to the specific request, which opens up the possibility of attack.
To mitigate this when you request an integrity verdict:
- Compute a digest of all relevant request parameters (e.g. SHA256 of a stable request serialization) from the user action or server request that is happening.
- Set the RequestIntegrityTokenParams::request_hash field to the digest.
request_token_data
RequestTokenData google::play::integrity::RequestIntegrityTokenParams::request_token_data
The integrity token request data.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-23 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-23 UTC."],[],[],null,["# google::play::integrity::RequestIntegrityTokenParams Struct Reference\n\ngoogle::play::integrity::RequestIntegrityTokenParams\n====================================================\n\n\n`#include \u003cintegrity/models.h\u003e`\n\nParams for requesting an integrity token.\n\nSummary\n-------\n\nSee [IntegrityClient::RequestIntegrityToken](/games/playgames/native-pc/reference/class/google/play/integrity/integrity-client#classgoogle_1_1play_1_1integrity_1_1_integrity_client_1a4357e1b01ef9be5eb0e6a69bb45ed021) for more details.\n\n| ### Public attributes ||\n|--------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| [request_hash](#structgoogle_1_1play_1_1integrity_1_1_request_integrity_token_params_1aa68139c18e6b5a565e04802f87a2cd19) | `const std::string` The hash of the request. |\n| [request_token_data](#structgoogle_1_1play_1_1integrity_1_1_request_integrity_token_params_1a9028cd04af1279fe92dda18899547f9b) | [RequestTokenData](/games/playgames/native-pc/reference/struct/google/play/integrity/request-token-data#structgoogle_1_1play_1_1integrity_1_1_request_token_data) The integrity token request data. |\n\nPublic attributes\n-----------------\n\n### request_hash\n\n```gdscript\nconst std::string google::play::integrity::RequestIntegrityTokenParams::request_hash\n``` \nThe hash of the request.\n\nUse this field to mitigate against tampering attacks.\n\nFor example, a game may want to report the player's score to the game's backend server, and your server wants to ensure this score has not been tampered with by a proxy server. The Play Integrity API returns the value you set in this field, inside the signed integrity response. Without the request_hash, the integrity token will be bound only to the device, but not to the specific request, which opens up the possibility of attack.\n\nTo mitigate this when you request an integrity verdict:\n\n- Compute a digest of all relevant request parameters (e.g. SHA256 of a stable request serialization) from the user action or server request that is happening.\n- Set the [RequestIntegrityTokenParams::request_hash](/games/playgames/native-pc/reference/struct/google/play/integrity/request-integrity-token-params#structgoogle_1_1play_1_1integrity_1_1_request_integrity_token_params_1aa68139c18e6b5a565e04802f87a2cd19) field to the digest.\n\n\u003cbr /\u003e\n\n### request_token_data\n\n```scdoc\nRequestTokenData google::play::integrity::RequestIntegrityTokenParams::request_token_data\n``` \nThe integrity token request data."]]