Getting Started with Google Play Integrity API in Node.js
The Google Play Integrity API is a powerful tool for ensuring the integrity of your Android apps on the Google Play Store. While the official Android documentation provides guidance on Play Integrity API integration, the backend documentation can be challenging for developers to navigate. In this guide, we’ll simplify the process and walk you through the steps to integrate the Play Integrity API into your Node.js backend server.

Prerequisites
Before we begin, make sure you have the following in place:
1. Node.js installed on your system.
2. A cloud-linked project associated with your app on the Google Play Console. You can access your cloud project details [here]. Navigate to the App Integrity section to enable the Play Integrity API from the settings section here.

1: Installation
To get started, run the following command in your Node.js project directory to install the required module:
```bash
npm install googleapis
```
This will install the Google APIs library, which includes the Play Integrity module and the Google Auth module.
2: Configure the Play Integrity API
Once you have the modules installed, it’s time to configure the Play Integrity API. Create an `index.js` file in your Node.js project and add the following code to configure the Google Auth client:
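```javascript
const { google } = require('googleapis');

// Placeholder path: point this at your own credentials JSON file
// and keep that file out of source control.
const creds = require('./credentials.json');

// Call this once at startup, before any Play Integrity request is made.
async function configureGoogleAuth() {
  const auth = new google.auth.GoogleAuth({
    credentials: creds, // Replace with your credentials
    scopes: ['https://www.googleapis.com/auth/playintegrity'],
  });
  const authClient = await auth.getClient();
  // Register the client as the default auth for all googleapis calls.
  google.options({ auth: authClient });
}
```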
Replace `creds` with your own credentials, which you obtain from the JSON file of your Cloud Console project.
3: Implement the Play Integrity API Function
Now, let’s create a function to interact with the Play Integrity API. Add the following code to your `index.js` file:
```javascript
async function validateDeviceToken({ deviceToken }) {
  try {
    // Ask Google to decode the integrity token sent by the app.
    const res = await google.playintegrity('v1').v1.decodeIntegrityToken({
      packageName: `Your app package name`,
      requestBody: {
        integrityToken: deviceToken,
      },
    });
    const response = res.data && res.data.tokenPayloadExternal;
    if (!response) {
      throw new Error('Invalid Response');
    }
    const { requestDetails, appIntegrity, deviceIntegrity, accountDetails } = response;
    if (
      !requestDetails ||
      requestDetails.requestPackageName.toLowerCase() !== `Your app package name`.toLowerCase() ||
      // Reject tokens that are two minutes old or older.
      Date.now() - requestDetails.timestampMillis >= 120000 ||
      !appIntegrity ||
      appIntegrity.appRecognitionVerdict !== 'PLAY_RECOGNIZED' ||
      !deviceIntegrity ||
      // A missing or empty verdict list means the device passed no integrity check.
      !Array.isArray(deviceIntegrity.deviceRecognitionVerdict) ||
      deviceIntegrity.deviceRecognitionVerdict.length === 0 ||
      !accountDetails ||
      accountDetails.appLicensingVerdict !== 'LICENSED'
    ) {
      throw new Error('Forbidden Device');
    }
    if (!deviceIntegrity.deviceRecognitionVerdict.includes('MEETS_DEVICE_INTEGRITY')) {
      throw new Error('Forbidden Device');
    }
  } catch (err) {
    // Any failure, including a malformed payload, is surfaced as an error (fail closed).
    throw new Error(`Some error occurred ${err}`);
  }
}
```
Note: You can adjust the checks above to match your own rules for which devices to accept or reject.
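One way to keep such rules testable offline, as an added example that is not part of the original guide or of the googleapis library: a pure policy function over the decoded `tokenPayloadExternal` object. It goes beyond the checks above by also binding the token to a server-issued nonce and rejecting future-dated timestamps. `evaluateVerdict`, its option names and the sample payloads are hypothetical, and it assumes a classic request, where `requestDetails.nonce` is populated.

```javascript
// Added example: evaluateVerdict is a hypothetical helper, not a googleapis API.
function evaluateVerdict(payload, opts) {
  const { packageName, expectedNonce, maxAgeMs = 120000, now = Date.now() } = opts;
  const p = payload || {};
  const requestDetails = p.requestDetails || {};
  const appIntegrity = p.appIntegrity || {};
  const deviceIntegrity = p.deviceIntegrity || {};
  const accountDetails = p.accountDetails || {};
  const reasons = [];

  // Android package names are case-sensitive, so compare exactly.
  if (requestDetails.requestPackageName !== packageName) reasons.push('package_mismatch');

  // Bind the token to the nonce this server issued, so a captured token cannot be reused.
  if (!expectedNonce || requestDetails.nonce !== expectedNonce) reasons.push('nonce_mismatch');

  // timestampMillis arrives as a string; reject missing, stale and future-dated values.
  const age = now - Number(requestDetails.timestampMillis);
  if (!Number.isFinite(age) || age < 0 || age >= maxAgeMs) reasons.push('stale_or_invalid_timestamp');

  if (appIntegrity.appRecognitionVerdict !== 'PLAY_RECOGNIZED') reasons.push('app_not_recognized');

  // The verdict list can be absent or empty when the device passes no check.
  const verdicts = Array.isArray(deviceIntegrity.deviceRecognitionVerdict)
    ? deviceIntegrity.deviceRecognitionVerdict : [];
  if (!verdicts.includes('MEETS_DEVICE_INTEGRITY')) reasons.push('device_integrity_not_met');

  if (accountDetails.appLicensingVerdict !== 'LICENSED') reasons.push('not_licensed');

  return { ok: reasons.length === 0, reasons };
}

// Constructed sample payloads (not real API output).
const NOW = 1700000000000;
const goodPayload = {
  requestDetails: { requestPackageName: 'com.example.app', nonce: 'bm9uY2UtMTIz', timestampMillis: String(NOW - 5000) },
  appIntegrity: { appRecognitionVerdict: 'PLAY_RECOGNIZED' },
  deviceIntegrity: { deviceRecognitionVerdict: ['MEETS_DEVICE_INTEGRITY'] },
  accountDetails: { appLicensingVerdict: 'LICENSED' },
};
// An old token presented after the server issued a fresh nonce, with no device verdicts.
const replayedPayload = { ...goodPayload, deviceIntegrity: {} };
const policy = { packageName: 'com.example.app', expectedNonce: 'bm9uY2UtMTIz', now: NOW };

console.log(evaluateVerdict(goodPayload, policy));
console.log(evaluateVerdict(replayedPayload, { ...policy, expectedNonce: 'ZnJlc2gtbm9uY2U' }));
```

Returning the list of reasons instead of throwing lets the server log why a request was rejected while still sending the client a generic error.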
As a last step, to make this function accessible from other parts of your application, export it at the end of your `index.js` file:
```javascript
module.exports = {
  validateDeviceToken,
};
```
You’re now ready to integrate the Google Play Integrity API into your Node.js backend. Use the `validateDeviceToken` function to validate device tokens and ensure the integrity of your app. Happy coding! 🔥