googleapis

/// <reference types="node" /> import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosPromise, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace firebaseappcheck_v1beta { export interface Options extends GlobalOptions { version: 'v1beta'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * Firebase App Check API * * Firebase App Check works alongside other Firebase services to help protect your backend resources from abuse, such as billing fraud or phishing. * * @example * ```js * const {google} = require('googleapis'); * const firebaseappcheck = google.firebaseappcheck('v1beta'); * ``` */ export class Firebaseappcheck { context: APIRequestContext; jwks: Resource$Jwks; oauthClients: Resource$Oauthclients; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * An app's App Attest configuration object. This configuration controls certain properties of the `AppCheckToken` returned by ExchangeAppAttestAttestation and ExchangeAppAttestAssertion, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.iosApps/patch). */ export interface Schema$GoogleFirebaseAppcheckV1betaAppAttestConfig { /** * Required. The relative resource name of the App Attest configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/appAttestConfig ``` */ name?: string | null; /** * Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check. */ export interface Schema$GoogleFirebaseAppcheckV1betaAppCheckToken { /** * An App Check token. App Check tokens are signed [JWTs](https://tools.ietf.org/html/rfc7519) containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check. */ attestationToken?: string | null; /** * An App Check token. App Check tokens are signed [JWTs](https://tools.ietf.org/html/rfc7519) containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check. */ token?: string | null; /** * The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration. */ ttl?: string | null; } /** * Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check. */ export interface Schema$GoogleFirebaseAppcheckV1betaAttestationTokenResponse { /** * An App Check token. App Check tokens are signed [JWTs](https://tools.ietf.org/html/rfc7519) containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check. */ attestationToken?: string | null; /** * The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration. */ ttl?: string | null; } /** * Response message for the BatchGetAppAttestConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1betaBatchGetAppAttestConfigsResponse { /** * AppAttestConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1betaAppAttestConfig[]; } /** * Response message for the BatchGetDeviceCheckConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1betaBatchGetDeviceCheckConfigsResponse { /** * DeviceCheckConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1betaDeviceCheckConfig[]; } /** * Response message for the BatchGetPlayIntegrityConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1betaBatchGetPlayIntegrityConfigsResponse { /** * PlayIntegrityConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1betaPlayIntegrityConfig[]; } /** * Response message for the BatchGetRecaptchaConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1betaBatchGetRecaptchaConfigsResponse { /** * RecaptchaConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1betaRecaptchaConfig[]; } /** * Response message for the BatchGetRecaptchaEnterpriseConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1betaBatchGetRecaptchaEnterpriseConfigsResponse { /** * RecaptchaEnterpriseConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1betaRecaptchaEnterpriseConfig[]; } /** * Response message for the BatchGetRecaptchaV3Configs method. */ export interface Schema$GoogleFirebaseAppcheckV1betaBatchGetRecaptchaV3ConfigsResponse { /** * RecaptchaV3Configs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1betaRecaptchaV3Config[]; } /** * Response message for the BatchGetSafetyNetConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1betaBatchGetSafetyNetConfigsResponse { /** * SafetyNetConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1betaSafetyNetConfig[]; } /** * Request message for the BatchUpdateServices method. */ export interface Schema$GoogleFirebaseAppcheckV1betaBatchUpdateServicesRequest { /** * Required. The request messages specifying the Services to update. A maximum of 100 objects can be updated in a batch. */ requests?: Schema$GoogleFirebaseAppcheckV1betaUpdateServiceRequest[]; /** * Optional. A comma-separated list of names of fields in the Services to update. Example: `display_name`. If this field is present, the `update_mask` field in the UpdateServiceRequest messages must all match this field, or the entire batch fails and no updates will be committed. */ updateMask?: string | null; } /** * Response message for the BatchUpdateServices method. */ export interface Schema$GoogleFirebaseAppcheckV1betaBatchUpdateServicesResponse { /** * Service objects after the updates have been applied. */ services?: Schema$GoogleFirebaseAppcheckV1betaService[]; } /** * A *debug token* is a secret used during the development or integration testing of an app. It essentially allows the development or integration testing to bypass app attestation while still allowing App Check to enforce protection on supported production Firebase services. */ export interface Schema$GoogleFirebaseAppcheckV1betaDebugToken { /** * Required. A human readable display name used to identify this debug token. */ displayName?: string | null; /** * Required. The relative resource name of the debug token, in the format: ``` projects/{project_number\}/apps/{app_id\}/debugTokens/{debug_token_id\} ``` */ name?: string | null; /** * Required. Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response. */ token?: string | null; } /** * An app's DeviceCheck configuration object. This configuration is used by ExchangeDeviceCheckToken to validate device tokens issued to apps by DeviceCheck. It also controls certain properties of the returned `AppCheckToken`, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.iosApps/patch). */ export interface Schema$GoogleFirebaseAppcheckV1betaDeviceCheckConfig { /** * Required. The key identifier of a private key enabled with DeviceCheck, created in your Apple Developer account. */ keyId?: string | null; /** * Required. The relative resource name of the DeviceCheck configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/deviceCheckConfig ``` */ name?: string | null; /** * Required. Input only. The contents of the private key (`.p8`) file associated with the key specified by `key_id`. For security reasons, this field will never be populated in any response. */ privateKey?: string | null; /** * Output only. Whether the `private_key` field was previously set. Since we will never return the `private_key` field, this field is the only way to find out whether it was previously set. */ privateKeySet?: boolean | null; /** * Specifies the duration for which App Check tokens exchanged from DeviceCheck tokens will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * Request message for the ExchangeAppAttestAssertion method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangeAppAttestAssertionRequest { /** * Required. The artifact returned by a previous call to ExchangeAppAttestAttestation. */ artifact?: string | null; /** * Required. The CBOR-encoded assertion returned by the client-side App Attest API. */ assertion?: string | null; /** * Required. A one-time challenge returned by an immediately prior call to GenerateAppAttestChallenge. */ challenge?: string | null; /** * Forces a short-lived token with a 5 minute TTL. Useful when the client wishes to impose stricter TTL requirements for this exchange. Default: false. */ limitedUse?: boolean | null; } /** * Request message for the ExchangeAppAttestAttestation method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangeAppAttestAttestationRequest { /** * Required. The App Attest statement returned by the client-side App Attest API. This is a base64url encoded CBOR object in the JSON response. */ attestationStatement?: string | null; /** * Required. A one-time challenge returned by an immediately prior call to GenerateAppAttestChallenge. */ challenge?: string | null; /** * Required. The key ID generated by App Attest for the client app. */ keyId?: string | null; /** * Forces a short-lived token with a 5 minute TTL. Useful when the client wishes to impose stricter TTL requirements for this exchange. Default: false. */ limitedUse?: boolean | null; } /** * Response message for the ExchangeAppAttestAttestation method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangeAppAttestAttestationResponse { /** * Encapsulates an App Check token. */ appCheckToken?: Schema$GoogleFirebaseAppcheckV1betaAppCheckToken; /** * An artifact that can be used in future calls to ExchangeAppAttestAssertion. */ artifact?: string | null; /** * Encapsulates an App Check token. */ attestationToken?: Schema$GoogleFirebaseAppcheckV1betaAttestationTokenResponse; } /** * Request message for the ExchangeCustomToken method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangeCustomTokenRequest { /** * Required. A custom token signed using your project's Admin SDK service account credentials. */ customToken?: string | null; /** * Forces a short-lived token with a 5 minute TTL. Useful when the client wishes to impose stricter TTL requirements for this exchange. Default: false. */ limitedUse?: boolean | null; } /** * Request message for the ExchangeDebugToken method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangeDebugTokenRequest { /** * Required. A debug token secret. This string must match a debug token secret previously created using CreateDebugToken. */ debugToken?: string | null; /** * Forces a short-lived token with a 5 minute TTL. Useful when the client wishes to impose stricter TTL requirements for this exchange. Default: false. */ limitedUse?: boolean | null; } /** * Request message for the ExchangeDeviceCheckToken method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangeDeviceCheckTokenRequest { /** * Required. The `device_token` as returned by Apple's client-side [DeviceCheck API](https://developer.apple.com/documentation/devicecheck/dcdevice). This is the base64 encoded `Data` (Swift) or `NSData` (ObjC) object. */ deviceToken?: string | null; /** * Forces a short-lived token with a 5 minute TTL. Useful when the client wishes to impose stricter TTL requirements for this exchange. Default: false. */ limitedUse?: boolean | null; } /** * Request message for the ExchangePlayIntegrityToken method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangePlayIntegrityTokenRequest { /** * Forces a short-lived token with a 5 minute TTL. Useful when the client wishes to impose stricter TTL requirements for this exchange. Default: false. */ limitedUse?: boolean | null; /** * Required. The [integrity verdict response token from Play Integrity](https://developer.android.com/google/play/integrity/verdict#decrypt-verify) issued to your app. */ playIntegrityToken?: string | null; } /** * Request message for the ExchangeRecaptchaEnterpriseToken method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangeRecaptchaEnterpriseTokenRequest { /** * Forces a short-lived token with a 5 minute TTL. Useful when the client wishes to impose stricter TTL requirements for this exchange. Default: false. */ limitedUse?: boolean | null; /** * Required. The reCAPTCHA token as returned by the [reCAPTCHA Enterprise JavaScript API](https://cloud.google.com/recaptcha-enterprise/docs/instrument-web-pages). */ recaptchaEnterpriseToken?: string | null; } /** * Request message for the ExchangeRecaptchaToken method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangeRecaptchaTokenRequest { /** * Required. The reCAPTCHA token as returned by the [reCAPTCHA v3 JavaScript API](https://developers.google.com/recaptcha/docs/v3). */ recaptchaToken?: string | null; } /** * Request message for the ExchangeRecaptchaV3Token method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangeRecaptchaV3TokenRequest { /** * Forces a short-lived token with a 5 minute TTL. Useful when the client wishes to impose stricter TTL requirements for this exchange. Default: false. */ limitedUse?: boolean | null; /** * Required. The reCAPTCHA token as returned by the [reCAPTCHA v3 JavaScript API](https://developers.google.com/recaptcha/docs/v3). */ recaptchaV3Token?: string | null; } /** * Request message for the ExchangeSafetyNetToken method. */ export interface Schema$GoogleFirebaseAppcheckV1betaExchangeSafetyNetTokenRequest { /** * Required. The [SafetyNet attestation response](https://developer.android.com/training/safetynet/attestation#request-attestation-step) issued to your app. */ safetyNetToken?: string | null; } /** * Request message for the GenerateAppAttestChallenge method. */ export interface Schema$GoogleFirebaseAppcheckV1betaGenerateAppAttestChallengeRequest { } /** * Response message for the GenerateAppAttestChallenge method. */ export interface Schema$GoogleFirebaseAppcheckV1betaGenerateAppAttestChallengeResponse { /** * A one-time use challenge for the client to pass to the App Attest API. */ challenge?: string | null; /** * The duration from the time this challenge is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration. */ ttl?: string | null; } /** * Request message for the GeneratePlayIntegrityChallenge method. */ export interface Schema$GoogleFirebaseAppcheckV1betaGeneratePlayIntegrityChallengeRequest { } /** * Response message for the GeneratePlayIntegrityChallenge method. */ export interface Schema$GoogleFirebaseAppcheckV1betaGeneratePlayIntegrityChallengeResponse { /** * A one-time use [challenge](https://developer.android.com/google/play/integrity/verdict#protect-against-replay-attacks) for the client to pass to the Play Integrity API. */ challenge?: string | null; /** * The duration from the time this challenge is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration. */ ttl?: string | null; } /** * Response message for the ListDebugTokens method. */ export interface Schema$GoogleFirebaseAppcheckV1betaListDebugTokensResponse { /** * The DebugTokens retrieved. */ debugTokens?: Schema$GoogleFirebaseAppcheckV1betaDebugToken[]; /** * If the result list is too large to fit in a single response, then a token is returned. If the string is empty or omitted, then this response is the last page of results. This token can be used in a subsequent call to ListDebugTokens to find the next group of DebugTokens. Page tokens are short-lived and should not be persisted. */ nextPageToken?: string | null; } /** * Response message for the ListServices method. */ export interface Schema$GoogleFirebaseAppcheckV1betaListServicesResponse { /** * If the result list is too large to fit in a single response, then a token is returned. If the string is empty or omitted, then this response is the last page of results. This token can be used in a subsequent call to ListServices to find the next group of Services. Page tokens are short-lived and should not be persisted. */ nextPageToken?: string | null; /** * The Services retrieved. */ services?: Schema$GoogleFirebaseAppcheckV1betaService[]; } /** * An app's Play Integrity configuration object. This configuration controls certain properties of the `AppCheckToken` returned by ExchangePlayIntegrityToken, such as its ttl. Note that your registered SHA-256 certificate fingerprints are used to validate tokens issued by the Play Integrity API; please register them via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.androidApps.sha/create). */ export interface Schema$GoogleFirebaseAppcheckV1betaPlayIntegrityConfig { /** * Required. The relative resource name of the Play Integrity configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/playIntegrityConfig ``` */ name?: string | null; /** * Specifies the duration for which App Check tokens exchanged from Play Integrity tokens will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * A JWK as specified by [section 4 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4) and [section 6.3.1 of RFC 7518](https://tools.ietf.org/html/rfc7518#section-6.3.1). */ export interface Schema$GoogleFirebaseAppcheckV1betaPublicJwk { /** * See [section 4.4 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4.4). */ alg?: string | null; /** * See [section 6.3.1.2 of RFC 7518](https://tools.ietf.org/html/rfc7518#section-6.3.1.2). */ e?: string | null; /** * See [section 4.5 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4.5). */ kid?: string | null; /** * See [section 4.1 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4.1). */ kty?: string | null; /** * See [section 6.3.1.1 of RFC 7518](https://tools.ietf.org/html/rfc7518#section-6.3.1.1). */ n?: string | null; /** * See [section 4.2 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4.2). */ use?: string | null; } /** * The currently active set of public keys that can be used to verify App Check tokens. This object is a JWK set as specified by [section 5 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-5). For security, the response **must not** be cached for longer than six hours. */ export interface Schema$GoogleFirebaseAppcheckV1betaPublicJwkSet { /** * The set of public keys. See [section 5.1 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-5). */ keys?: Schema$GoogleFirebaseAppcheckV1betaPublicJwk[]; } /** * An app's reCAPTCHA v3 configuration object. This configuration is used by ExchangeRecaptchaToken to validate reCAPTCHA tokens issued to apps by reCAPTCHA v3. It also controls certain properties of the returned `AppCheckToken`, such as its ttl. */ export interface Schema$GoogleFirebaseAppcheckV1betaRecaptchaConfig { /** * Required. The relative resource name of the reCAPTCHA v3 configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/recaptchaConfig ``` */ name?: string | null; /** * Required. Input only. The site secret used to identify your service for reCAPTCHA v3 verification. For security reasons, this field will never be populated in any response. */ siteSecret?: string | null; /** * Output only. Whether the `site_secret` field was previously set. Since we will never return the `site_secret` field, this field is the only way to find out whether it was previously set. */ siteSecretSet?: boolean | null; /** * Specifies the duration for which App Check tokens exchanged from reCAPTCHA tokens will be valid. If unset, a default value of 1 day is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * An app's reCAPTCHA Enterprise configuration object. This configuration is used by ExchangeRecaptchaEnterpriseToken to validate reCAPTCHA tokens issued to apps by reCAPTCHA Enterprise. It also controls certain properties of the returned `AppCheckToken`, such as its ttl. */ export interface Schema$GoogleFirebaseAppcheckV1betaRecaptchaEnterpriseConfig { /** * Required. The relative resource name of the reCAPTCHA Enterprise configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/recaptchaEnterpriseConfig ``` */ name?: string | null; /** * The score-based site key [created in reCAPTCHA Enterprise](https://cloud.google.com/recaptcha-enterprise/docs/create-key#creating_a_site_key) used to [invoke reCAPTCHA and generate the reCAPTCHA tokens](https://cloud.google.com/recaptcha-enterprise/docs/instrument-web-pages) for your application. Important: This is *not* the `site_secret` (as it is in reCAPTCHA v3), but rather your score-based reCAPTCHA Enterprise site key. */ siteKey?: string | null; /** * Specifies the duration for which App Check tokens exchanged from reCAPTCHA Enterprise tokens will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * An app's reCAPTCHA v3 configuration object. This configuration is used by ExchangeRecaptchaV3Token to validate reCAPTCHA tokens issued to apps by reCAPTCHA v3. It also controls certain properties of the returned `AppCheckToken`, such as its ttl. */ export interface Schema$GoogleFirebaseAppcheckV1betaRecaptchaV3Config { /** * Required. The relative resource name of the reCAPTCHA v3 configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/recaptchaV3Config ``` */ name?: string | null; /** * Required. Input only. The site secret used to identify your service for reCAPTCHA v3 verification. For security reasons, this field will never be populated in any response. */ siteSecret?: string | null; /** * Output only. Whether the `site_secret` field was previously set. Since we will never return the `site_secret` field, this field is the only way to find out whether it was previously set. */ siteSecretSet?: boolean | null; /** * Specifies the duration for which App Check tokens exchanged from reCAPTCHA tokens will be valid. If unset, a default value of 1 day is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * An app's SafetyNet configuration object. This configuration controls certain properties of the `AppCheckToken` returned by ExchangeSafetyNetToken, such as its ttl. Note that your registered SHA-256 certificate fingerprints are used to validate tokens issued by SafetyNet; please register them via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.androidApps.sha/create). */ export interface Schema$GoogleFirebaseAppcheckV1betaSafetyNetConfig { /** * Required. The relative resource name of the SafetyNet configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/safetyNetConfig ``` */ name?: string | null; /** * Specifies the duration for which App Check tokens exchanged from SafetyNet tokens will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * The enforcement configuration for a Firebase service supported by App Check. */ export interface Schema$GoogleFirebaseAppcheckV1betaService { /** * Required. The App Check enforcement mode for this service. */ enforcementMode?: string | null; /** * Required. The relative resource name of the service configuration object, in the format: ``` projects/{project_number\}/services/{service_id\} ``` Note that the `service_id` element must be a supported service ID. Currently, the following service IDs are supported: * `firebasestorage.googleapis.com` (Cloud Storage for Firebase) * `firebasedatabase.googleapis.com` (Firebase Realtime Database) * `firestore.googleapis.com` (Cloud Firestore) * `identitytoolkit.googleapis.com` (Firebase Authentication with Identity Platform) */ name?: string | null; /** * Output only. Timestamp when this service configuration object was most recently updated. */ updateTime?: string | null; } /** * Request message for the UpdateService method as well as an individual update message for the BatchUpdateServices method. */ export interface Schema$GoogleFirebaseAppcheckV1betaUpdateServiceRequest { /** * Required. The Service to update. The Service's `name` field is used to identify the Service to be updated, in the format: ``` projects/{project_number\}/services/{service_id\} ``` Note that the `service_id` element must be a supported service ID. Currently, the following service IDs are supported: * `firebasestorage.googleapis.com` (Cloud Storage for Firebase) * `firebasedatabase.googleapis.com` (Firebase Realtime Database) * `firestore.googleapis.com` (Cloud Firestore) * `identitytoolkit.googleapis.com` (Firebase Authentication with Identity Platform) For Firebase Authentication to work with App Check, you must first upgrade to [Firebase Authentication with Identity Platform](https://firebase.google.com/docs/auth#identity-platform). */ service?: Schema$GoogleFirebaseAppcheckV1betaService; /** * Required. A comma-separated list of names of fields in the Service to update. Example: `enforcement_mode`. */ updateMask?: string | null; } /** * Request message for the VerifyAppCheckToken method. */ export interface Schema$GoogleFirebaseAppcheckV1betaVerifyAppCheckTokenRequest { /** * Required. The App Check token to verify. App Check tokens exchanged from the SafetyNet provider are not supported; an HTTP 400 error will be returned. */ appCheckToken?: string | null; } /** * Response message for the VerifyAppCheckToken method. */ export interface Schema$GoogleFirebaseAppcheckV1betaVerifyAppCheckTokenResponse { /** * Whether this token was already consumed. If this is the first time this method has seen the given App Check token, this field will be omitted from the response. The given token will then be marked as `already_consumed` (set to `true`) for all future invocations of this method for that token. Note that if the given App Check token is invalid, an HTTP 403 error is returned instead of a response containing this field, regardless whether the token was already consumed. */ alreadyConsumed?: boolean | null; } /** * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); \} */ export interface Schema$GoogleProtobufEmpty { } export class Resource$Jwks { context: APIRequestContext; constructor(context: APIRequestContext); /** * Returns a public JWK set as specified by [RFC 7517](https://tools.ietf.org/html/rfc7517) that can be used to verify App Check tokens. Exactly one of the public keys in the returned set will successfully validate any App Check token that is currently valid. * * @param params - Parameters for request * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. * @param callback - Optional callback that handles the response. * @returns A promise if used with async/await, or void if used with a callback. */ get(params: Params$Resource$Jwks$Get, options: StreamMethodOptions): GaxiosPromise<Readable>; get(params?: Params$Resource$Jwks$Get, options?: MethodOptions): GaxiosPromise<Schema$GoogleFirebaseAppcheckV1betaPublicJwkSet>; get(params: Params$Resource$Jwks$Get, options: StreamMethodOptions | BodyResponseCallback<Readable>, callback: BodyResponseCallback<Readable>): void; get(params: Params$Resource$Jwks$Get, options: MethodOptions | BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaPublicJwkSet>, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaPublicJwkSet>): void; get(params: Params$Resource$Jwks$Get, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaPublicJwkSet>): void; get(callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaPublicJwkSet>): void; } export interface Params$Resource$Jwks$Get extends StandardParameters { /** * Required. The relative resource name to the public JWK set. Must always be exactly the string `jwks`. */ name?: string; } export class Resource$Oauthclients { context: APIRequestContext; constructor(context: APIRequestContext); /** * Accepts an App Attest assertion and an artifact previously obtained from ExchangeAppAttestAttestation and verifies those with Apple. If valid, returns an AppCheckToken. * * @param params - Parameters for request * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. * @param callback - Optional callback that handles the response. * @returns A promise if used with async/await, or void if used with a callback. */ exchangeAppAttestAssertion(params: Params$Resource$Oauthclients$Exchangeappattestassertion, options: StreamMethodOptions): GaxiosPromise<Readable>; exchangeAppAttestAssertion(params?: Params$Resource$Oauthclients$Exchangeappattestassertion, options?: MethodOptions): GaxiosPromise<Schema$GoogleFirebaseAppcheckV1betaAppCheckToken>; exchangeAppAttestAssertion(params: Params$Resource$Oauthclients$Exchangeappattestassertion, options: StreamMethodOptions | BodyResponseCallback<Readable>, callback: BodyResponseCallback<Readable>): void; exchangeAppAttestAssertion(params: Params$Resource$Oauthclients$Exchangeappattestassertion, options: MethodOptions | BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaAppCheckToken>, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaAppCheckToken>): void; exchangeAppAttestAssertion(params: Params$Resource$Oauthclients$Exchangeappattestassertion, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaAppCheckToken>): void; exchangeAppAttestAssertion(callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaAppCheckToken>): void; /** * Accepts an App Attest CBOR attestation and verifies it with Apple using your preconfigured team and bundle IDs. If valid, returns an attestation artifact that can later be exchanged for an AppCheckToken using ExchangeAppAttestAssertion. For convenience and performance, this method's response object will also contain an AppCheckToken (if the verification is successful). * * @param params - Parameters for request * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. * @param callback - Optional callback that handles the response. * @returns A promise if used with async/await, or void if used with a callback. */ exchangeAppAttestAttestation(params: Params$Resource$Oauthclients$Exchangeappattestattestation, options: StreamMethodOptions): GaxiosPromise<Readable>; exchangeAppAttestAttestation(params?: Params$Resource$Oauthclients$Exchangeappattestattestation, options?: MethodOptions): GaxiosPromise<Schema$GoogleFirebaseAppcheckV1betaExchangeAppAttestAttestationResponse>; exchangeAppAttestAttestation(params: Params$Resource$Oauthclients$Exchangeappattestattestation, options: StreamMethodOptions | BodyResponseCallback<Readable>, callback: BodyResponseCallback<Readable>): void; exchangeAppAttestAttestation(params: Params$Resource$Oauthclients$Exchangeappattestattestation, options: MethodOptions | BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaExchangeAppAttestAttestationResponse>, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaExchangeAppAttestAttestationResponse>): void; exchangeAppAttestAttestation(params: Params$Resource$Oauthclients$Exchangeappattestattestation, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaExchangeAppAttestAttestationResponse>): void; exchangeAppAttestAttestation(callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaExchangeAppAttestAttestationResponse>): void; /** * Generates a challenge that protects the integrity of an immediately following call to ExchangeAppAttestAttestation or ExchangeAppAttestAssertion. A challenge should not be reused for multiple calls. * * @param params - Parameters for request * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. * @param callback - Optional callback that handles the response. * @returns A promise if used with async/await, or void if used with a callback. */ generateAppAttestChallenge(params: Params$Resource$Oauthclients$Generateappattestchallenge, options: StreamMethodOptions): GaxiosPromise<Readable>; generateAppAttestChallenge(params?: Params$Resource$Oauthclients$Generateappattestchallenge, options?: MethodOptions): GaxiosPromise<Schema$GoogleFirebaseAppcheckV1betaGenerateAppAttestChallengeResponse>; generateAppAttestChallenge(params: Params$Resource$Oauthclients$Generateappattestchallenge, options: StreamMethodOptions | BodyResponseCallback<Readable>, callback: BodyResponseCallback<Readable>): void; generateAppAttestChallenge(params: Params$Resource$Oauthclients$Generateappattestchallenge, options: MethodOptions | BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaGenerateAppAttestChallengeResponse>, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaGenerateAppAttestChallengeResponse>): void; generateAppAttestChallenge(params: Params$Resource$Oauthclients$Generateappattestchallenge, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaGenerateAppAttestChallengeResponse>): void; generateAppAttestChallenge(callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaGenerateAppAttestChallengeResponse>): void; } export interface Params$Resource$Oauthclients$Exchangeappattestassertion extends StandardParameters { /** * Required. The relative resource name of the iOS app, in the format: ``` projects/{project_number\}/apps/{app_id\} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's [AIP 2510](https://google.aip.dev/cloud/2510) standard. */ app?: string; /** * Request body metadata */ requestBody?: Schema$GoogleFirebaseAppcheckV1betaExchangeAppAttestAssertionRequest; } export interface Params$Resource$Oauthclients$Exchangeappattestattestation extends StandardParameters { /** * Required. The relative resource name of the iOS app, in the format: ``` projects/{project_number\}/apps/{app_id\} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's [AIP 2510](https://google.aip.dev/cloud/2510) standard. */ app?: string; /** * Request body metadata */ requestBody?: Schema$GoogleFirebaseAppcheckV1betaExchangeAppAttestAttestationRequest; } export interface Params$Resource$Oauthclients$Generateappattestchallenge extends StandardParameters { /** * Required. The relative resource name of the iOS app, in the format: ``` projects/{project_number\}/apps/{app_id\} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's [AIP 2510](https://google.aip.dev/cloud/2510) standard. */ app?: string; /** * Request body metadata */ requestBody?: Schema$GoogleFirebaseAppcheckV1betaGenerateAppAttestChallengeRequest; } export class Resource$Projects { context: APIRequestContext; apps: Resource$Projects$Apps; services: Resource$Projects$Services; constructor(context: APIRequestContext); /** * Verifies the given App Check token and returns token usage signals that callers may act upon. This method currently only supports App Check tokens exchanged from the following attestation providers: * Play Integrity API * App Attest * DeviceCheck (`DCDevice` tokens) * reCAPTCHA Enterprise * reCAPTCHA v3 * Custom providers App Check tokens exchanged from debug secrets are also supported. Calling this method on an otherwise valid App Check token with an unsupported provider will cause an HTTP 400 error to be returned. Returns whether this token was already consumed before this call. If this is the first time this method has seen the given App Check token, the field `already_consumed` in the response will be absent. The given token will then be marked as `already_consumed` (set to `true`) for all future invocations of this method for that token. Note that if the given App Check token is invalid, an HTTP 403 error is returned instead of a response object, regardless whether the token was already consumed. Currently, when evaluating whether an App Check token was already consumed, only calls to this exact method are counted. Use of the App Check token elsewhere will not mark the token as being already consumed. The caller must have the [`firebaseappcheck.appCheckTokens.verify`](https://firebase.google.com/docs/projects/iam/permissions#app-check) permission to call this method. This permission is part of the [Firebase App Check Token Verifier role](https://firebase.google.com/docs/projects/iam/roles-predefined-product#app-check). * * @param params - Parameters for request * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. * @param callback - Optional callback that handles the response. * @returns A promise if used with async/await, or void if used with a callback. */ verifyAppCheckToken(params: Params$Resource$Projects$Verifyappchecktoken, options: StreamMethodOptions): GaxiosPromise<Readable>; verifyAppCheckToken(params?: Params$Resource$Projects$Verifyappchecktoken, options?: MethodOptions): GaxiosPromise<Schema$GoogleFirebaseAppcheckV1betaVerifyAppCheckTokenResponse>; verifyAppCheckToken(params: Params$Resource$Projects$Verifyappchecktoken, options: StreamMethodOptions | BodyResponseCallback<Readable>, callback: BodyResponseCallback<Readable>): void; verifyAppCheckToken(params: Params$Resource$Projects$Verifyappchecktoken, options: MethodOptions | BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaVerifyAppCheckTokenResponse>, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaVerifyAppCheckTokenResponse>): void; verifyAppCheckToken(params: Params$Resource$Projects$Verifyappchecktoken, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaVerifyAppCheckTokenResponse>): void; verifyAppCheckToken(callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaVerifyAppCheckTokenResponse>): void; } export interface Params$Resource$Projects$Verifyappchecktoken extends StandardParameters { /** * Required. The relative resource name of the project for which the token was minted, in the format: ``` projects/{project_number\} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's [AIP 2510](https://google.aip.dev/cloud/2510) standard. */ project?: string; /** * Request body metadata */ requestBody?: Schema$GoogleFirebaseAppcheckV1betaVerifyAppCheckTokenRequest; } export class Resource$Projects$Apps { context: APIRequestContext; appAttestConfig: Resource$Projects$Apps$Appattestconfig; debugTokens: Resource$Projects$Apps$Debugtokens; deviceCheckConfig: Resource$Projects$Apps$Devicecheckconfig; playIntegrityConfig: Resource$Projects$Apps$Playintegrityconfig; recaptchaConfig: Resource$Projects$Apps$Recaptchaconfig; recaptchaEnterpriseConfig: Resource$Projects$Apps$Recaptchaenterpriseconfig; recaptchaV3Config: Resource$Projects$Apps$Recaptchav3config; safetyNetConfig: Resource$Projects$Apps$Safetynetconfig; constructor(context: APIRequestContext); /** * Accepts an App Attest assertion and an artifact previously obtained from ExchangeAppAttestAttestation and verifies those with Apple. If valid, returns an AppCheckToken. * * @param params - Parameters for request * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. * @param callback - Optional callback that handles the response. * @returns A promise if used with async/await, or void if used with a callback. */ exchangeAppAttestAssertion(params: Params$Resource$Projects$Apps$Exchangeappattestassertion, options: StreamMethodOptions): GaxiosPromise<Readable>; exchangeAppAttestAssertion(params?: Params$Resource$Projects$Apps$Exchangeappattestassertion, options?: MethodOptions): GaxiosPromise<Schema$GoogleFirebaseAppcheckV1betaAppCheckToken>; exchangeAppAttestAssertion(params: Params$Resource$Projects$Apps$Exchangeappattestassertion, options: StreamMethodOptions | BodyResponseCallback<Readable>, callback: BodyResponseCallback<Readable>): void; exchangeAppAttestAssertion(params: Params$Resource$Projects$Apps$Exchangeappattestassertion, options: MethodOptions | BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaAppCheckToken>, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaAppCheckToken>): void; exchangeAppAttestAssertion(params: Params$Resource$Projects$Apps$Exchangeappattestassertion, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaAppCheckToken>): void; exchangeAppAttestAssertion(callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1betaAppCheckToken>): void; /** * Accepts an App Attest CBOR attestation and verifies it with Apple using your preconfigured team and bundle IDs. If valid, returns an attestation artifact that can later be exchanged for an AppCheckToken using ExchangeAppAttestAssertion. For convenience and performance, this method's response object will also contain an AppCheckToken (if the verification is successful). * * @param params - Parameters for request * @param options - Optionally override