What is Firebase App Check?

Q: What is Firebase App Check?

Firebase App Check protects your Firebase backend resources (Firestore, Cloud Functions, Realtime Database, Storage) from abuse by ensuring requests come from your legitimate app — not bots, scripts, or unauthorized clients. How it works: (1) Attestation providers — App Check integrates with platform-specific attestation: App Attest (iOS 14+), Play Integrity (Android), and reCAPTCHA Enterprise (web); (2) Token issuance — the attestation provider verifies the app is legitimate and issues a

Answer

Firebase App Check protects your Firebase backend resources (Firestore, Cloud Functions, Realtime Database, Storage) from abuse by ensuring requests come from your legitimate app — not bots, scripts, or unauthorized clients. How it works: (1) Attestation providers — App Check integrates with platform-specific attestation: App Attest (iOS 14+), Play Integrity (Android), and reCAPTCHA Enterprise (web); (2) Token issuance — the attestation provider verifies the app is legitimate and issues a short-lived App Check token; (3) Token enforcement — Firebase services validate the App Check token on every request and reject requests without valid tokens. Enforcement modes: monitor (log but allow) and enforce (block unverified requests). Benefits: prevents API scraping, credential stuffing, and unauthorized Firestore reads that inflate your billing. App Check complements Security Rules — Rules control who can access what; App Check verifies the request comes from a genuine app instance.

Answer

More Firebase / Firestore Questions