This page shows you how to enable App Check in a C++ app, using thedefault providers: Play Integrity on Android, and Device Check or App Attest onApple platforms. When you enable App Check, you help ensure thatonly your app can access your project's Firebase resources. See anOverview of this feature.

1. Set up your Firebase project

1. Add Firebase to your C++ project if you haven'talready done so.

2. Register your apps to use App Check with the Play Integrity, Device Check,or App Attest providers in theProject Settings > App Checksection of the Firebase console.

   You usually need to register all of your project's apps, because once youenable enforcement for a Firebase product, only registered apps will be ableto access the product's backend resources.

   For detailed instructions on how to register with each provider, refer tothe Android and iOS specific documentation.

3. Optional: In the app registration settings, set a custom time-to-live(TTL) for App Check tokens issued by the provider. You can set the TTLto any value between 30 minutes and 7 days. When changing this value, beaware of the following tradeoffs:

   • Security: Shorter TTLs provide stronger security, because it reduces thewindow in which a leaked or intercepted token can be abused by anattacker.
   • Performance: Shorter TTLs mean your app will perform attestation morefrequently. Because the app attestation process adds latency to networkrequests every time it's performed, a short TTL can impact the performanceof your app.
   • Quota and cost: Shorter TTLs and frequent re-attestation deplete yourquota faster, and for paid services, potentially cost more.SeeQuotas & limits.

   The default TTLis reasonable for most apps. Note that the App Check library refreshestokens at approximately half the TTL duration.

2. Add the App Check library to your app

Include the App Check library in your set of dependencies, followingthe setup instructions for App Check.

3. Initialize App Check

Add the following initialization code to your app so that it runs before youuse any Firebase services including any creation of Firebase Apps.

Next steps

Once the App Check library is installed in your app, start distributing theupdated app to your users.

The updated client app will begin sending App Check tokens along with everyrequest it makes to Firebase, but Firebase products will not require the tokensto be valid until you enable enforcement in the App Check section of theFirebase console.

Monitor metrics and enable enforcement

Before you enable enforcement, however, you should make sure that doing so won'tdisrupt your existing legitimate users. On the other hand, if you're seeingsuspicious use of your app resources, you might want to enable enforcementsooner.

To help make this decision, you can look at App Check metrics for theservices you use:

• Monitor App Check request metrics forRealtime Database, Cloud Firestore, and Cloud Storage.
• Monitor App Check request metrics for Cloud Functions.

Enable App Check enforcement

When you understand how App Check will affect your users and you're ready toproceed, you can enable App Check enforcement:

• Enable App Check enforcement forRealtime Database, Cloud Firestore, and Cloud Storage.
• Enable App Check enforcement for Cloud Functions.

Use App Check in debug environments

If, after you have registered your app for App Check, you want to run yourapp in an environment that App Check would normally not classify as valid,such as on desktop, an emulator during development, or from a continuousintegration (CI) environment, you can create a debug build of your app thatuses the App Check debug provider instead of a real attestation provider.

SeeUse App Check with the debug provider in C++ apps.