iOS

DeviceCheck and App Attest

DeviceCheck allows servers to set and query two bits of per-device state and to verify that a request is coming from a genuine Apple device. App Attest, exposed through the same service, lets a server cryptographically verify that requests are coming from an authentic, uncompromised instance of an app. The API is JWT-authenticated (ES256) and is used as an anti- fraud / anti-abuse signal alongside iOS apps.

GitHub

Documentation

📖
Documentation
https://developer.apple.com/documentation/devicecheck
📖
APIReference
https://developer.apple.com/documentation/devicecheck/accessing-and-modifying-per-device-data

Other Resources

🔗
Sandbox
https://api.development.devicecheck.apple.com

API entry from apis.yml

apis.yml Raw ↑ 
aid: ios:devicecheck
name: DeviceCheck and App Attest
description: DeviceCheck allows servers to set and query two bits of per-device state and to verify that
  a request is coming from a genuine Apple device. App Attest, exposed through the same service, lets
  a server cryptographically verify that requests are coming from an authentic, uncompromised instance
  of an app. The API is JWT-authenticated (ES256) and is used as an anti- fraud / anti-abuse signal alongside
  iOS apps.
humanURL: https://developer.apple.com/documentation/devicecheck
baseURL: https://api.devicecheck.apple.com
tags:
- Device Attestation
- Anti-Fraud
- App Attest
- Security
properties:
- type: Documentation
  url: https://developer.apple.com/documentation/devicecheck
- type: APIReference
  url: https://developer.apple.com/documentation/devicecheck/accessing-and-modifying-per-device-data
- type: Sandbox
  url: https://api.development.devicecheck.apple.com