Firebase App Check

Mike_Chan · August 9, 2025, 4:18am

Hi, i know this is an old topic but wish to know how I can implement FB App Check in kodular apps.
By referring to last year topic in App Inventor community site App Check (FireBase) - App Inventor App - #6 by TIMAI2 - MIT App Inventor Help - MIT App Inventor Community @TimAi2 mentioned that the FB App Check’s key need to put in request headers.
Is it I need to initialize it at the “when Screen1 initialize” blocks?
The key means the API key from FB, is this correct?
And the “SHA-256 certificate fingerprint” that need to input I get from Kodular’s Keystore SHA1?

Mike_Chan · August 12, 2025, 6:50am

I just saw the updates from Kodular management where they release the Play Integrity, so its same for the Firebase App Check is it? @Diego

Is there any guide for this Play Integrity component?
And where can I get the Hash ya?

Diego · August 12, 2025, 7:25am

Unfortunately Firebase App Check and Play Integrity are not exactly the same. FB App Check is built on top of Play Integrity, and as of now only Play Integrity is available.

Mike_Chan · August 12, 2025, 7:45am

Understood and thank you for your explaination.
But with Play Integrity only should be enough right, as can register my app in the Firebase App Check (Play Integrity).

Diego · August 12, 2025, 9:49am

No. Firebase App Check uses additional libraries. What Firebase App Check does is to attach integrity tokens from Play Integrity to calls to Firebase APIs.

The point of Play Integrity as a standalone component is to let you communicate with a specific server, and let that server verify the integrity tokens. Firebase APIs are in a server “not owned by you”, hence you will have to use their specific libraries to communicate with them.

You can indeed register your app in Firebase App Check. However, if you use our Firebase components, they will not have the integrity tokens, so it will effectively not change anything.

Mike_Chan · August 12, 2025, 2:50pm

Appreciate for your detail explaination on the Fireabse App Check and Play Integrity.
If Kodular’s Play Integrity is meant for standalone, which type of server(s) I can set for it?
Then if i use Kodular’s Play Integrity component, so I no longer need to register my app in Firebase App Check, is this correct?
Just rely on the specific server communicate with Kodular’s Play Integrity?

Diego · August 12, 2025, 7:17pm

You can refer to the official integration guide: Make a standard API request | Play Integrity | Android Developers. More specifically, the “Decrypt and verify the integrity verdict” section.

Technically speaking no, because it’s just not supported. The purpose of Play Integrity is to “sign” API requests to backend servers with their tokens. Then, the servers validate those tokens to ensure they came from legitimate devices.

The key here is that Firebase is a “backend server”, but we don’t (yet) support their Play Integrity integration, aka Firebase App Check.
Let’s say you have your own backend server running some custom Python/PHP/Java code. You just have to send that integrity token in your request, validate it, and then you can make sure the requests came from a legitimate device.

system · September 11, 2025, 7:17pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem Key SHA1 Discuss question	29	4370	March 12, 2021
Firebase Authentication error Discuss firebase-auth	27	6021	December 4, 2020
Firebase authentication login problem after publishing playstore Discuss	9	647	April 17, 2021
Firebase Authentication rules aren't working Discuss howto	17	4326	April 16, 2019
SHA1 key not working Discuss	11	3058	August 20, 2020

Firebase App Check

Related topics