skip to Main Content

I am trying to start using app check for my application.
I have https backend and need to get on an Android client-side app check token by myself.
To get the app check token on Android I use this code

FirebaseAppCheck.getInstance().getAppCheckToken(false)
    .addOnSuccessListener { appCheckToken ->
         //saving token somewhere
    }
    .addOnFailureListener { e ->
        Log.e("MyApp", "Failed to get App Check token", e)
    }

I had a few times when it was successful to get this token. But most of the time I get an exception "Too many attempts" (see screenshot attached).
enter image description here

So I have the following questions:

  • Why do I get this error? Maybe I overlapped some limits. Then what are that limits?

  • If the reason is in some limits. How can I deal with it during development? I mean sometimes it’s necessary to get new tokens more often than it will happen on the side of a real user.

Can somebody help me with this problem?

2

Answers


  1. When you’re using Firebase App Check, please note that your use is subject to some quotas and limits:

    DeviceCheck and App Attest access is subject to any quotas or limitations set by Apple.

    Play Integrity has a daily quota of 10,000 calls for its Standard API usage tier. For information on raising your usage tier, see the Play Integrity documentation.

    SafetyNet has a daily quota of 10,000 calls. For information on requesting a quota increase, see the SafetyNet documentation.

    reCAPTCHA v3 has a monthly quota of 1 million calls, as well as a 1,000 QPS limit. For information on requesting a quota increase, see the reCAPTCHA documentation.

    reCAPTCHA Enterprise is no-cost for 1 million calls per month, and at cost beyond that. See reCAPTCHA Enterprise pricing.

    Since you’re using Kotlin, the first limit doesn’t apply. The last two as well, as I don’t think you can easily reach 1 million reCAPTCHA calls. So most likely, you’re reaching 10,000 calls for its Standard API usage tier. In this case, you have to examine your code and find what exactly can produce such a high number of calls. Most likely, a call to getAppCheckToken that exists inside a loop or anything similar.

    Login or Signup to reply.
  2. I also want to suggest a few things to save your quota limit:

    1. Keep thread-safe firebase function call, to prevent multiple network requests into Firebase Backend Services

    2. In case you are interested in building a flexible solution – to connect AppCheck Token for X number of requests and do not care about synchronized calls – check the GitHub repository. I have described the problem and suggested a working solution

    https://github.com/maxim-petlyuk/firebase-appcheck-interceptor

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search