Setup

This page explains how to set up your app or game to use the Play Integrity API. In particular, you need to enable responses from the API and integrate the API into your app.

You also have the option to configure your API key management strategy and manage the set of responses that the API sends to your app.

Enable Play Integrity responses

To use the Play Integrity API, you must link your app to a Google Cloud project. You can link to an existing project, or create a new project from your Play Console.

Apps on Google Play

In the Play Console, navigate to the Release section of the left menu. Go to Setup > App integrity. Select the Integrity API tab to get started.

Apps not available on Google Play

If your app isn't available on Google Play, follow these steps to link your app to a Google Cloud project:

  1. Choose an existing project or create a new project from the Google Cloud console.
  2. Go to APIs and services and select Enable APIs and services.
  3. Search for Play Integrity API. Select it and then select Enable.

After the API is enabled, you can integrate Play Core into your app.

SDKs using Play Integrity API

To use the Play Integrity API in your SDK, the following conditions must be met:

  • You must link your SDK to a Google Cloud project and enable the Play Integrity API.
  • To receive and decrypt Integrity API responses, you will need to include your Cloud project number in your requests. You can find this in Project info in the Google Cloud console.
  • The requesting app calling your API must enable the Play Integrity API for their app. When apps available on Google Play use your SDK, your requests to Play Integrity API automatically count towards the app’s API usage.

After choosing a project in the Google Cloud console, go to APIs and services and select Enable APIs and services. Search for Play Integrity API. Select it and then select Enable. After the API is enabled, you can integrate Play Core into your app.

Configure your API keys (optional)

By default, Google Play's servers manage the API keys that your app uses when you interact with the Play Integrity API. You can, however, choose to self-manage your API keys.

Let Google manage your API keys (recommended)

To protect your app's security, it's recommended that you allow Google Play to generate and manage API keys for your app. This means that, after your backend server receives an integrity token, your server passes the token to Google Play's servers for decryption and verification.

Self-manage your API keys

If you want to decrypt the integrity verdict locally within your own secure server environment, you can self-manage your API keys. To do so, follow the instructions in the Play Console.

If you choose to self-manage your API keys, don't decrypt or verify the received token from within your client app, and never expose any decryption keys to the client app. Self-managing API keys is only an option for apps available on Google Play.

Switching between Google-managed and self-managed API keys

If Google manages your API keys and you want to switch to using self-managed keys, follow these steps:

  1. Log in to the Play Console.
  2. Select an app that uses the Play Integrity API.
  3. In the Release section of the left menu, go to Setup > App integrity.
  4. Navigate to the Integrity API tab.
  5. In the API setting section of the page, click Change API key setting.
  6. In the Manage API Key settings window that appears, click Manage and download my own API keys.
  7. Follow the instructions to upload a public key.
  8. After the Manage API Keys window shows that the upload was successful, click Save.
  9. To download your encrypted API keys, click Download Keys.
  10. Change your server logic so that you decrypt and verify integrity tokens locally, in your own secure server environment, using your API keys.
  11. (Optional) When you self-manage your API keys, your app can still fall back to Google Play's server to decrypt and verify the response.

If you self-manage your API keys and you want to switch to using Google keys, follow these steps:

  1. Change your server logic so that you're solely decrypting and verifying on Google's servers.
  2. Log in to the Play Console.
  3. Select an app that uses the Play Integrity API.
  4. In the Release section of the left menu, go to Setup > App integrity.
  5. Navigate to the Integrity API tab.
  6. In the API setting section of the page, click Change API key setting.
  7. In the Manage API Key settings window that appears, click Let Google manage my API keys (recommended).
  8. Click Save changes.

Configure API responses (optional)

The Play Integrity API provides the following main signals in its integrity verdict:

  • Application integrity.
  • Account details.
  • Device integrity.

You can edit the set of device integrity responses that your app receives. By opting in to receive multiple labels, you can build an enforcement strategy based on different levels of device trustworthiness. To do so, follow the instructions in your Play Console.
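The following server-side sketch is an added example, not code from the Play Integrity documentation. It shows one way to turn an already decrypted and verified verdict into a tiered enforcement decision across the three signals. The field and label names are those of the Play Integrity verdict payload for a classic (nonce-based) request; the tier names, the two-minute freshness window, the requirement for a LICENSED account and the sample payload are assumptions of this example.

```python
import time

# Device labels, strongest first, mapped to this example's own tier names.
TIERS = [("MEETS_STRONG_INTEGRITY", "full"),
         ("MEETS_DEVICE_INTEGRITY", "standard"),
         ("MEETS_BASIC_INTEGRITY", "limited")]

def evaluate(verdict, expected_pkg, expected_nonce, now_ms=None, max_age_ms=120_000):
    """Return (tier, reasons); tier is 'deny' when any check fails."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    req = verdict.get("requestDetails", {})
    reasons = []
    # Bind the verdict to this app and to the request the server issued.
    if req.get("requestPackageName") != expected_pkg:
        reasons.append("package mismatch")
    if req.get("nonce") != expected_nonce:
        reasons.append("nonce mismatch")
    age = now_ms - int(req.get("timestampMillis", 0))
    if not 0 <= age <= max_age_ms:
        reasons.append("stale or future-dated token")
    # Application integrity and account details.
    app = verdict.get("appIntegrity", {})
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("app not recognized")
    acct = verdict.get("accountDetails", {})
    if acct.get("appLicensingVerdict") != "LICENSED":  # policy assumption
        reasons.append("account not licensed")
    if reasons:
        return "deny", reasons
    # Device integrity: grant the tier of the strongest label present.
    labels = set(verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", []))
    for label, tier in TIERS:
        if label in labels:
            return tier, []
    return "deny", ["no device integrity label"]

# Constructed sample payload (not captured from a real device).
SAMPLE = {
    "requestDetails": {"requestPackageName": "com.example.app",
                       "nonce": "bm9uY2UtZXhhbXBsZQ",
                       "timestampMillis": "1700000000000"},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "deviceIntegrity": {"deviceRecognitionVerdict":
                        ["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY"]},
    "accountDetails": {"appLicensingVerdict": "LICENSED"},
}

if __name__ == "__main__":
    print(evaluate(SAMPLE, "com.example.app", "bm9uY2UtZXhhbXBsZQ", now_ms=1700000030000))
```

Run the policy only on the server, after the token has been decrypted and verified, so that the client never sees the decision logic or any key material.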

Integrate Play Core into your app

The Play Core Library is your app's runtime interface with the Google Play Store. To integrate Play Core into your app, follow the instructions in the Overview of the Google Play Core Library.

Kotlin or Java

If you're using a local Maven repository, add the following dependency to your app's build.gradle file:

implementation 'com.google.android.play:core-integrity:1.10.2'

Unity

See Install Google packages for Unity.

Native

See Play Core Native's development environment setup guide.