---
description: Capacitor plugin to verify app and device integrity using the Play Integrity API on Android and App Attest on iOS, with server-side verification.
title: Capacitor App Integrity Plugin - Capawesome
image: https://capawesome.io/docs/assets/images/social/sdks/capacitor/app-integrity.png
---

<!doctype html> 

[Skip to content ](#capacitor-app-integrity-plugin) 

[🔐 Introducing the **Capacitor Vault** plugin — store secrets behind biometrics or a device passcode. ](/blog/announcing-the-capacitor-vault-plugin/) 

* [ SDKs ](/docs/sdks/)
* [ iOS ](#ios)
* [ Configuration ](#configuration)
* [ Usage ](#usage)
* [ API ](#api)
* [ How Verification Works ](#how-verification-works)
* [ Changelog ](#changelog)
* [ License ](#license)
* [ App Language ](/docs/sdks/capacitor/app-language/)
* [ App Review ](/docs/sdks/capacitor/app-review/)
* [ App Shortcuts ](/docs/sdks/capacitor/app-shortcuts/)
* [ App Tracking Transparency ](/docs/sdks/capacitor/app-tracking-transparency/)
* [ App Update ](/docs/sdks/capacitor/app-update/)
* [ Apple Sign-In ](/docs/sdks/capacitor/apple-sign-in/)
* [ Asset Manager ](/docs/sdks/capacitor/asset-manager/)
* [ Audio Player ](/docs/sdks/capacitor/audio-player/)
* [ Audio Recorder ](/docs/sdks/capacitor/audio-recorder/)
* [ Audio Session ](/docs/sdks/capacitor/audio-session/)
* [ Background Task ](/docs/sdks/capacitor/background-task/)
* [ Badge ](/docs/sdks/capacitor/badge/)
* [ Barometer ](/docs/sdks/capacitor/barometer/)
* [ Battery ](/docs/sdks/capacitor/battery/)
* [ Biometrics ](/docs/sdks/capacitor/biometrics/)
* [ Bluetooth Low Energy ](/docs/sdks/capacitor/bluetooth-low-energy/)
* [ Cloudinary ](/docs/sdks/capacitor/cloudinary/)
* [ Compass ](/docs/sdks/capacitor/compass/)
* [ Contacts ](/docs/sdks/capacitor/contacts/)
* [ Datetime Picker ](/docs/sdks/capacitor/datetime-picker/)
* [ Facebook Sign-In ](/docs/sdks/capacitor/facebook-sign-in/)
* [ File Compressor ](/docs/sdks/capacitor/file-compressor/)
* [ File Opener ](/docs/sdks/capacitor/file-opener/)
* [ File Picker ](/docs/sdks/capacitor/file-picker/)
* [ Firebase ](/docs/sdks/capacitor/firebase/)
* [ Formbricks ](/docs/sdks/capacitor/formbricks/)
* [ Geocoder ](/docs/sdks/capacitor/geocoder/)
* [ Google Sign-In ](/docs/sdks/capacitor/google-sign-in/)
* [ Grafana Faro ](/docs/sdks/capacitor/grafana-faro/)
* [ Gyroscope ](/docs/sdks/capacitor/gyroscope/)
* [ In-App Browser ](/docs/sdks/capacitor/in-app-browser/)
* [ Install Referrer ](/docs/sdks/capacitor/install-referrer/)
* [ Keep Awake ](/docs/sdks/capacitor/keep-awake/)
* [ libSQL ](/docs/sdks/capacitor/libsql/)
* [ Live Update ](/docs/sdks/capacitor/live-update/)
* [ Localization ](/docs/sdks/capacitor/localization/)
* [ Mail Composer ](/docs/sdks/capacitor/mail-composer/)
* [ Managed Configurations ](/docs/sdks/capacitor/managed-configurations/)
* [ Maps Launcher ](/docs/sdks/capacitor/maps-launcher/)
* [ Media Session ](/docs/sdks/capacitor/media-session/)
* [ ML Kit ](/docs/sdks/capacitor/mlkit/)
* [ Navigation Bar ](/docs/sdks/capacitor/navigation-bar/)
* [ NFC ](/docs/sdks/capacitor/nfc/)
* [ Node.js ](/docs/sdks/capacitor/nodejs/)
* [ OAuth ](/docs/sdks/capacitor/oauth/)
* [ Passkeys ](/docs/sdks/capacitor/passkeys/)
* [ Password Autofill ](/docs/sdks/capacitor/password-autofill/)
* [ Pedometer ](/docs/sdks/capacitor/pedometer/)
* [ Photo Editor ](/docs/sdks/capacitor/photo-editor/)
* [ PixLive ](/docs/sdks/capacitor/pixlive/)
* [ PostHog ](/docs/sdks/capacitor/posthog/)
* [ Printer ](/docs/sdks/capacitor/printer/)
* [ Privacy Screen ](/docs/sdks/capacitor/privacy-screen/)
* [ Purchases ](/docs/sdks/capacitor/purchases/)
* [ RealtimeKit ](/docs/sdks/capacitor/realtimekit/)
* [ Root Detection ](/docs/sdks/capacitor/root-detection/)
* [ Screen Brightness ](/docs/sdks/capacitor/screen-brightness/)
* [ Screen Orientation ](/docs/sdks/capacitor/screen-orientation/)
* [ Screenshot ](/docs/sdks/capacitor/screenshot/)
* [ Secure Preferences ](/docs/sdks/capacitor/secure-preferences/)
* [ Shake ](/docs/sdks/capacitor/shake/)
* [ Silent Mode ](/docs/sdks/capacitor/silent-mode/)
* [ SIM ](/docs/sdks/capacitor/sim/)
* [ SMS Composer ](/docs/sdks/capacitor/sms-composer/)
* [ Speech Recognition ](/docs/sdks/capacitor/speech-recognition/)
* [ Speech Synthesis ](/docs/sdks/capacitor/speech-synthesis/)
* [ Share Target ](/docs/sdks/capacitor/share-target/)
* [ Square Mobile Payments ](/docs/sdks/capacitor/square-mobile-payments/)
* [ SQLite ](/docs/sdks/capacitor/sqlite/)
* [ Superwall ](/docs/sdks/capacitor/superwall/)
* [ Thermal State ](/docs/sdks/capacitor/thermal-state/)
* [ Torch ](/docs/sdks/capacitor/torch/)
* [ Vault ](/docs/sdks/capacitor/vault/)
* [ Volume ](/docs/sdks/capacitor/volume/)
* [ Wallet ](/docs/sdks/capacitor/wallet/)
* [ Wifi ](/docs/sdks/capacitor/wifi/)
* [ Zip ](/docs/sdks/capacitor/zip/)
* [ Cordova ](/docs/sdks/cordova/)
* [ Cloud ](/docs/cloud/)
* [ Integrations ](/docs/cloud/live-updates/integrations/)
* Concepts
* Reference
* [ Troubleshooting ](/docs/cloud/live-updates/troubleshooting/)
* [ FAQ ](/docs/cloud/live-updates/faq/)
* [ Native Builds ](/docs/cloud/native-builds/)
* [ Set Up Environments ](/docs/cloud/native-builds/environments/)
* [ Overwrite Native Configurations ](/docs/cloud/native-builds/native-configurations/)
* [ Auto-Increment Build Numbers ](/docs/cloud/native-builds/auto-incrementing-build-numbers/)
* [ Configure the Web Build Script ](/docs/cloud/native-builds/web-build-script/)
* [ Build from a Monorepo ](/docs/cloud/native-builds/monorepo/)
* [ Use pnpm, Yarn, or bun ](/docs/cloud/native-builds/package-managers/)
* [ Install Private npm Packages ](/docs/cloud/native-builds/npm-private-registry/)
* [ Override the Java Version ](/docs/cloud/native-builds/override-java-version/)
* [ Custom iOS Provisioning Profiles ](/docs/cloud/native-builds/custom-ios-provisioning-profiles/)
* [ Build without Git ](/docs/cloud/native-builds/build-without-git/)
* [ Access Git Behind a Firewall ](/docs/cloud/native-builds/firewall-access/)
* [ Integrations ](/docs/cloud/native-builds/integrations/)
* Reference
* [ Troubleshooting ](/docs/cloud/native-builds/troubleshooting/)
* [ FAQ ](/docs/cloud/native-builds/faq/)
* [ App Store Publishing ](/docs/cloud/app-store-publishing/)
* [ Submit a Build ](/docs/cloud/app-store-publishing/submit-a-build/)
* [ Submit Automatically After a Build ](/docs/cloud/app-store-publishing/submit-automatically/)
* [ Troubleshooting ](/docs/cloud/app-store-publishing/troubleshooting/)
* [ FAQ ](/docs/cloud/app-store-publishing/faq/)
* [ Automations ](/docs/cloud/automations/)
* [ Reference ](/docs/cloud/automations/reference/)
* [ Troubleshooting ](/docs/cloud/automations/troubleshooting/)
* [ FAQ ](/docs/cloud/automations/faq/)
* [ Assist ](/docs/cloud/assist/)
* [ CLI ](/docs/cloud/cli/)
* APIs and SDKs
* [ Webhooks ](/docs/cloud/webhooks/)
* [ Integrations ](/docs/cloud/integrations/)
* Account
* [ Organization ](/docs/cloud/organizations/)
* [ Two-Factor Enforcement ](/docs/cloud/organizations/two-factor-authentication/)
* [ Audit Logs ](/docs/cloud/organizations/audit-logs/)
* [ Billing ](/docs/cloud/organizations/billing/)
* [ License Keys ](/docs/cloud/license-keys/)
* [ AI ](/docs/ai/)
* [ Insiders ](/docs/insiders/)
* [ Billing & Plans ](/docs/insiders/billing-and-plans/)
* [ FAQ ](/docs/insiders/faq/)
* [ License ](https://capawesome.io/legal/eula/)
* [ Support ](/docs/support/)
* [ Contributing ](/docs/contributing/)
* Contributing code
* [ Code of Conduct ](/docs/contributing/code-of-conduct/)
* [ Questions ](https://docs.github.com/en/discussions/collaborating-with-your-community-using-discussions/participating-in-a-discussion#creating-a-discussion)
* [ Blog ](/blog/)
* Categories

* [ iOS ](#ios)
* [ Configuration ](#configuration)
* [ Usage ](#usage)
* [ API ](#api)
* [ How Verification Works ](#how-verification-works)
* [ Changelog ](#changelog)
* [ License ](#license)

# Capacitor App Integrity Plugin[¶](#capacitor-app-integrity-plugin "Permanent link")

Capacitor plugin to verify app and device integrity using the Play Integrity API (Android) and App Attest (iOS).

[ ![Deliver Live Updates to your Capacitor app with Capawesome Cloud](../../../assets/external/cloud.capawesome.io/assets/banners/cloud-build-and-deploy-capacitor-apps.69628c3f.png) ](https://cloud.capawesome.io/) 

## Features[¶](#features "Permanent link")

* 🤖 **Play Integrity**: Request standard and classic integrity tokens from the Play Integrity API on Android.
* 🍏 **App Attest**: Generate hardware-backed keys, attest them and generate assertions with App Attest on iOS.
* 🛡️ **Server-verifiable**: Tokens and assertions are verified on your backend via Google and Apple, so they cannot be spoofed on the device.
* 🤝 **Compatibility**: Works alongside the [Root Detection](https://capawesome.io/docs/sdks/capacitor/root-detection/) plugin for additional client-side checks.
* 📦 **SPM**: Supports Swift Package Manager and CocoaPods for iOS.
* 🔁 **Up-to-date**: Always supports the latest Capacitor version.

Missing a feature? Just [open an issue](https://github.com/capawesome-team/capacitor-plugins/issues) and we'll take a look!

## Newsletter[¶](#newsletter "Permanent link")

Stay up to date with the latest news and updates about the Capawesome, Capacitor, and Ionic ecosystem by subscribing to our [Capawesome Newsletter](https://cloud.capawesome.io/newsletter/).

## Compatibility[¶](#compatibility "Permanent link")

| Plugin Version | Capacitor Version | Status         |
| -------------- | ----------------- | -------------- |
| 0.x.x          | \>=8.x.x          | Active support |

## Installation[¶](#installation "Permanent link")

You can use our **AI-Assisted Setup** to install the plugin. Add the [Capawesome Skills](https://github.com/capawesome-team/skills) to your AI tool using the following command:

`[](#%5F%5Fcodelineno-0-1)npx skills add capawesome-team/skills --skill capacitor-plugins
`

Then use the following prompt:

`` [](#%5F%5Fcodelineno-1-1) Use the `capacitor-plugins` skill from `capawesome-team/skills` to install the `@capawesome/capacitor-app-integrity` plugin in my project.
 ``

If you prefer **Manual Setup**, install the plugin by running the following commands and follow the platform-specific instructions below:

`[](#%5F%5Fcodelineno-2-1)npm install @capawesome/capacitor-app-integrity
[](#%5F%5Fcodelineno-2-2)npx cap sync
`

### Android[¶](#android "Permanent link")

The Play Integrity API must be set up in the Google Play Console before you can request integrity tokens. Follow the [official setup instructions](https://developer.android.com/google/play/integrity/setup) to link a Google Cloud project to your app. You need the **Google Cloud project number** of the linked project for the standard request flow.

#### Variables[¶](#variables "Permanent link")

This plugin will use the following project variables (defined in your app's `variables.gradle` file):

* `$playIntegrityVersion` version of `com.google.android.play:integrity` (default: `1.6.0`)

### iOS[¶](#ios "Permanent link")

App Attest requires the **App Attest capability**. Add it to your app in Xcode under **Signing & Capabilities** or add the following entitlement to your `.entitlements` file:

`[](#%5F%5Fcodelineno-3-1)<key>com.apple.developer.devicecheck.appattest-environment</key>
[](#%5F%5Fcodelineno-3-2)<string>development</string>
`

Use the value `development` to attest against Apple's sandbox servers during development and `production` for App Store builds. Note that App Attest is not supported on simulators, so you need a real device for testing.

## Configuration[¶](#configuration "Permanent link")

No configuration required for this plugin.

## Usage[¶](#usage "Permanent link")

`` [](#%5F%5Fcodelineno-4-1)import { AppIntegrity } from '@capawesome/capacitor-app-integrity';
[](#%5F%5Fcodelineno-4-2)import { Capacitor } from '@capacitor/core';
[](#%5F%5Fcodelineno-4-3)
[](#%5F%5Fcodelineno-4-4)const isAvailable = async () => {
[](#%5F%5Fcodelineno-4-5)  const { available } = await AppIntegrity.isAvailable();
[](#%5F%5Fcodelineno-4-6)  return available;
[](#%5F%5Fcodelineno-4-7)};
[](#%5F%5Fcodelineno-4-8)
[](#%5F%5Fcodelineno-4-9)const prepareIntegrityToken = async () => {
[](#%5F%5Fcodelineno-4-10)  // Only available on Android
[](#%5F%5Fcodelineno-4-11)  await AppIntegrity.prepareIntegrityToken({
[](#%5F%5Fcodelineno-4-12)    cloudProjectNumber: 123456789012,
[](#%5F%5Fcodelineno-4-13)  });
[](#%5F%5Fcodelineno-4-14)};
[](#%5F%5Fcodelineno-4-15)
[](#%5F%5Fcodelineno-4-16)const requestIntegrityToken = async () => {
[](#%5F%5Fcodelineno-4-17)  // Only available on Android
[](#%5F%5Fcodelineno-4-18)  if (Capacitor.getPlatform() === 'android') {
[](#%5F%5Fcodelineno-4-19)    // Standard request (recommended, requires a prior call to `prepareIntegrityToken(...)`)
[](#%5F%5Fcodelineno-4-20)    const { token } = await AppIntegrity.requestIntegrityToken({
[](#%5F%5Fcodelineno-4-21)      requestHash: '2cp24z...',
[](#%5F%5Fcodelineno-4-22)    });
[](#%5F%5Fcodelineno-4-23)    // Classic request
[](#%5F%5Fcodelineno-4-24)    const { token: classicToken } = await AppIntegrity.requestIntegrityToken({
[](#%5F%5Fcodelineno-4-25)      nonce: 'R2Rra24fVm5xa2Mg',
[](#%5F%5Fcodelineno-4-26)    });
[](#%5F%5Fcodelineno-4-27)    // Send the token to your server for verification
[](#%5F%5Fcodelineno-4-28)  }
[](#%5F%5Fcodelineno-4-29)};
[](#%5F%5Fcodelineno-4-30)
[](#%5F%5Fcodelineno-4-31)const attestKey = async () => {
[](#%5F%5Fcodelineno-4-32)  // Only available on iOS
[](#%5F%5Fcodelineno-4-33)  if (Capacitor.getPlatform() === 'ios') {
[](#%5F%5Fcodelineno-4-34)    // 1. Generate a new key pair and store the key identifier
[](#%5F%5Fcodelineno-4-35)    const { keyId } = await AppIntegrity.generateKey();
[](#%5F%5Fcodelineno-4-36)    // 2. Attest the key with a one-time challenge received from your server
[](#%5F%5Fcodelineno-4-37)    const { attestationObject } = await AppIntegrity.attestKey({
[](#%5F%5Fcodelineno-4-38)      keyId,
[](#%5F%5Fcodelineno-4-39)      challenge: 'dGhpc2lzYWNoYWxsZW5nZQ==',
[](#%5F%5Fcodelineno-4-40)    });
[](#%5F%5Fcodelineno-4-41)    // 3. Send the attestation object to your server for verification
[](#%5F%5Fcodelineno-4-42)  }
[](#%5F%5Fcodelineno-4-43)};
[](#%5F%5Fcodelineno-4-44)
[](#%5F%5Fcodelineno-4-45)const generateAssertion = async () => {
[](#%5F%5Fcodelineno-4-46)  // Only available on iOS
[](#%5F%5Fcodelineno-4-47)  if (Capacitor.getPlatform() === 'ios') {
[](#%5F%5Fcodelineno-4-48)    const { assertion } = await AppIntegrity.generateAssertion({
[](#%5F%5Fcodelineno-4-49)      keyId: 'Kh0DIEwVJTDJUyIRZ4M9BvJn/i4RSSGDkFvUZOaSm5g=',
[](#%5F%5Fcodelineno-4-50)      clientData: 'eyJjaGFsbGVuZ2UiOiJkR2hwYzJsellXTm9ZV3hzWlc1blpRPT0ifQ==',
[](#%5F%5Fcodelineno-4-51)    });
[](#%5F%5Fcodelineno-4-52)    // Send the assertion to your server for verification
[](#%5F%5Fcodelineno-4-53)  }
[](#%5F%5Fcodelineno-4-54)};
 ``

## API[¶](#api "Permanent link")

* [attestKey(...)](#attestkey)
* [generateAssertion(...)](#generateassertion)
* [generateKey()](#generatekey)
* [isAvailable()](#isavailable)
* [prepareIntegrityToken(...)](#prepareintegritytoken)
* [requestIntegrityToken(...)](#requestintegritytoken)
* [Interfaces](#interfaces)

### attestKey(...)[¶](#attestkey "Permanent link")

`[](#%5F%5Fcodelineno-5-1)attestKey(options: AttestKeyOptions) => Promise<AttestKeyResult>
`

Attest a key generated with `generateKey()` using Apple's App Attest service.

The returned attestation object must be sent to your server, which verifies it with Apple and stores the key identifier for future assertions.

Only available on iOS.

| Param       | Type                                  |
| ----------- | ------------------------------------- |
| **options** | [AttestKeyOptions](#attestkeyoptions) |

**Returns:** `Promise<[AttestKeyResult](#attestkeyresult)>`

**Since:** 0.1.0

---

### generateAssertion(...)[¶](#generateassertion "Permanent link")

`[](#%5F%5Fcodelineno-6-1)generateAssertion(options: GenerateAssertionOptions) => Promise<GenerateAssertionResult>
`

Generate an assertion for the given client data using an attested key.

The returned assertion must be sent to your server along with the client data, where it is verified using the previously stored key identifier.

Only available on iOS.

| Param       | Type                                                  |
| ----------- | ----------------------------------------------------- |
| **options** | [GenerateAssertionOptions](#generateassertionoptions) |

**Returns:** `Promise<[GenerateAssertionResult](#generateassertionresult)>`

**Since:** 0.1.0

---

### generateKey()[¶](#generatekey "Permanent link")

`[](#%5F%5Fcodelineno-7-1)generateKey() => Promise<GenerateKeyResult>
`

Generate a new App Attest key pair.

The private key is stored in the Secure Enclave. Store the returned key identifier in your app to attest the key and generate assertions later.

Only available on iOS.

**Returns:** `Promise<[GenerateKeyResult](#generatekeyresult)>`

**Since:** 0.1.0

---

### isAvailable()[¶](#isavailable "Permanent link")

`[](#%5F%5Fcodelineno-8-1)isAvailable() => Promise<IsAvailableResult>
`

Check whether app integrity attestation is available on this device.

On Android, this checks whether Google Play Services is available. On iOS, this checks whether the App Attest service is supported. On iOS, the App Attest service is not supported on simulators.

**Returns:** `Promise<[IsAvailableResult](#isavailableresult)>`

**Since:** 0.1.0

---

### prepareIntegrityToken(...)[¶](#prepareintegritytoken "Permanent link")

`[](#%5F%5Fcodelineno-9-1)prepareIntegrityToken(options: PrepareIntegrityTokenOptions) => Promise<void>
`

Prepare the integrity token provider for standard integrity token requests.

Call this method once, for example at app start, before calling `requestIntegrityToken(...)` with a request hash. The preparation can take several seconds, so it should be done well ahead of the first request.

Only available on Android.

| Param       | Type                                                          |
| ----------- | ------------------------------------------------------------- |
| **options** | [PrepareIntegrityTokenOptions](#prepareintegritytokenoptions) |

**Since:** 0.1.0

---

### requestIntegrityToken(...)[¶](#requestintegritytoken "Permanent link")

`[](#%5F%5Fcodelineno-10-1)requestIntegrityToken(options: RequestIntegrityTokenOptions) => Promise<RequestIntegrityTokenResult>
`

Request an integrity token from the Play Integrity API.

Provide a `requestHash` for a standard request (recommended, requires a prior call to `prepareIntegrityToken(...)`) or a `nonce` for a classic request.

The returned token must be sent to your server, which decrypts and verifies it via Google's servers.

Only available on Android.

| Param       | Type                                                          |
| ----------- | ------------------------------------------------------------- |
| **options** | [RequestIntegrityTokenOptions](#requestintegritytokenoptions) |

**Returns:** `Promise<[RequestIntegrityTokenResult](#requestintegritytokenresult)>`

**Since:** 0.1.0

---

### Interfaces[¶](#interfaces "Permanent link")

#### AttestKeyResult[¶](#attestkeyresult "Permanent link")

| Prop                  | Type   | Description                                                                                               | Since |
| --------------------- | ------ | --------------------------------------------------------------------------------------------------------- | ----- |
| **attestationObject** | string | The attestation object, encoded as a base64 string. Send this to your server for verification with Apple. | 0.1.0 |

#### AttestKeyOptions[¶](#attestkeyoptions "Permanent link")

| Prop          | Type   | Description                                                                                                                                                                     | Since |
| ------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
| **challenge** | string | The one-time challenge received from your server, encoded as a base64 string. The challenge is hashed with SHA-256 on the device before it is passed to the App Attest service. | 0.1.0 |
| **keyId**     | string | The identifier of the key to attest, as returned by generateKey().                                                                                                              | 0.1.0 |

#### GenerateAssertionResult[¶](#generateassertionresult "Permanent link")

| Prop          | Type   | Description                                                                                  | Since |
| ------------- | ------ | -------------------------------------------------------------------------------------------- | ----- |
| **assertion** | string | The assertion object, encoded as a base64 string. Send this to your server for verification. | 0.1.0 |

#### GenerateAssertionOptions[¶](#generateassertionoptions "Permanent link")

| Prop           | Type   | Description                                                                                                                                                                                                                                           | Since |
| -------------- | ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
| **clientData** | string | The client data to sign, encoded as a base64 string. This is usually a JSON payload that includes a one-time challenge received from your server. The client data is hashed with SHA-256 on the device before it is passed to the App Attest service. | 0.1.0 |
| **keyId**      | string | The identifier of an attested key, as returned by generateKey().                                                                                                                                                                                      | 0.1.0 |

#### GenerateKeyResult[¶](#generatekeyresult "Permanent link")

| Prop      | Type   | Description                               | Since |
| --------- | ------ | ----------------------------------------- | ----- |
| **keyId** | string | The identifier of the generated key pair. | 0.1.0 |

#### IsAvailableResult[¶](#isavailableresult "Permanent link")

| Prop          | Type    | Description                                                    | Since |
| ------------- | ------- | -------------------------------------------------------------- | ----- |
| **available** | boolean | Whether app integrity attestation is available on this device. | 0.1.0 |

#### PrepareIntegrityTokenOptions[¶](#prepareintegritytokenoptions "Permanent link")

| Prop                   | Type   | Description                                                                                           | Since |
| ---------------------- | ------ | ----------------------------------------------------------------------------------------------------- | ----- |
| **cloudProjectNumber** | number | The Google Cloud project number of the project that is linked to your Play Console developer account. | 0.1.0 |

#### RequestIntegrityTokenResult[¶](#requestintegritytokenresult "Permanent link")

| Prop      | Type   | Description                                                                                         | Since |
| --------- | ------ | --------------------------------------------------------------------------------------------------- | ----- |
| **token** | string | The integrity token. Send this to your server, which decrypts and verifies it via Google's servers. | 0.1.0 |

#### RequestIntegrityTokenOptions[¶](#requestintegritytokenoptions "Permanent link")

| Prop                   | Type   | Description                                                                                                                                                                                             | Since |
| ---------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
| **cloudProjectNumber** | number | The Google Cloud project number of the project that is linked to your Play Console developer account. Only used for classic requests. It is required if your app is distributed outside of Google Play. | 0.1.0 |
| **nonce**              | string | The one-time nonce for a classic request, encoded as a base64 web-safe no-wrap string. Provide either nonce or requestHash.                                                                             | 0.1.0 |
| **requestHash**        | string | The request hash for a standard request. Requires a prior call to prepareIntegrityToken(...). Provide either nonce or requestHash.                                                                      | 0.1.0 |

## How Verification Works[¶](#how-verification-works "Permanent link")

This plugin only provides the **client-side** part of the attestation flow. The returned tokens, attestation objects, and assertions are opaque to your app and **must** be verified on your own server. Never make security decisions based on the client-side result alone.

The typical flow looks like this:

1. Your app requests a one-time challenge (or nonce) from your server.
2. Your app calls this plugin to obtain an integrity token (Android) or an attestation object/assertion (iOS) that is bound to the challenge.
3. Your app sends the result to your server.
4. Your server verifies the result:
5. **Android**: Decrypt and verify the integrity token via the [Play Integrity API](https://developer.android.com/google/play/integrity/verdicts) and evaluate the verdicts.
6. **iOS**: Validate the attestation object or assertion as described in [Validating Apps That Connect to Your Server](https://developer.apple.com/documentation/devicecheck/validating-apps-that-connect-to-your-server).
7. Your server grants or denies access based on the verification result.

On Android, Google recommends the **standard request** flow (`prepareIntegrityToken(...)` \+ `requestIntegrityToken({ requestHash })`) for frequent integrity checks. Use the **classic request** flow (`requestIntegrityToken({ nonce })`) only for infrequent, high-value actions.

## Changelog[¶](#changelog "Permanent link")

See [CHANGELOG.md](https://github.com/capawesome-team/capacitor-plugins/blob/main/packages/app-integrity/CHANGELOG.md).

## License[¶](#license "Permanent link")

See [LICENSE](https://github.com/capawesome-team/capacitor-plugins/blob/main/packages/app-integrity/LICENSE).

July 7, 2026 

Back to top

```json
{"@context": "https://schema.org", "@graph": [{"@type": "TechArticle", "@id": "https://capawesome.io/docs/sdks/capacitor/app-integrity/#article", "headline": "Capacitor App Integrity Plugin", "name": "Capacitor App Integrity Plugin", "description": "Capacitor plugin to verify app and device integrity using the Play Integrity API on Android and App Attest on iOS, with server-side verification.", "inLanguage": "en", "url": "https://capawesome.io/docs/sdks/capacitor/app-integrity/", "mainEntityOfPage": "https://capawesome.io/docs/sdks/capacitor/app-integrity/", "author": {"@type": "Organization", "name": "Capawesome", "url": "https://capawesome.io", "logo": {"@type": "ImageObject", "url": "https://capawesome.io/assets/images/logo.svg"}}, "publisher": {"@type": "Organization", "name": "Capawesome", "url": "https://capawesome.io", "logo": {"@type": "ImageObject", "url": "https://capawesome.io/assets/images/logo.svg"}}, "about": {"@id": "https://capawesome.io/docs/sdks/capacitor/app-integrity/#software"}}, {"@type": "SoftwareSourceCode", "@id": "https://capawesome.io/docs/sdks/capacitor/app-integrity/#software", "name": "Capacitor App Integrity Plugin", "description": "Capacitor plugin to verify app and device integrity using the Play Integrity API on Android and App Attest on iOS, with server-side verification.", "url": "https://capawesome.io/docs/sdks/capacitor/app-integrity/", "programmingLanguage": "TypeScript", "runtimePlatform": "Capacitor", "codeRepository": "https://github.com/capawesome-team", "author": {"@type": "Organization", "name": "Capawesome", "url": "https://capawesome.io", "logo": {"@type": "ImageObject", "url": "https://capawesome.io/assets/images/logo.svg"}}, "publisher": {"@type": "Organization", "name": "Capawesome", "url": "https://capawesome.io", "logo": {"@type": "ImageObject", "url": "https://capawesome.io/assets/images/logo.svg"}}}]}
```
