bigbang489

Reputation: 21

Firebase AppCheck Quotas & Limits

From the Firebase documentation: https://firebase.google.com/docs/app-check

Your use of App Check is subject to the quotas and limits of the attestation providers you use. DeviceCheck access is subject to any quotas or limitations set by Apple. SafetyNet has a daily quota of 10,000 calls...

My question is: what does "10,000 calls per day" mean? Is it 10,000 API calls to a Firebase service, for example calling Cloud Functions 10,000 times? If that's true, then this will limit the number of users using our app.

Upvotes: 2

Views: 2177

Answers (3)

Maxim Petlyuk

Reputation: 1174

I can add something from the point of view of the Android Firebase SDK. It contains support for caching the token itself. As was mentioned, the token will be fetched from the cache until it's valid.

1 quota usage is equivalent to 1 API request to the Firebase backend service to obtain a new token.

If you are interested in more insights about Android side implementation - check my story.

https://medium.com/firebase-developers/protecting-apps-and-apis-a-deep-dive-into-firebase-app-check-and-play-integrity-7364f96aa96d

Upvotes: 0

Tom3652

Reputation: 2957

The answer from Firebase support:

I will do my best to answer your questions. About the first one, yes, here are the exact quota limits for each project:

2,000,000 calls per day. 10,000 calls per minute. 50 per user per minute.

Just keep in mind that these are subject to change.

About the second question, the attestation API is called when a new token is generated. The API Requests are handled by the Firebase Services and verified by the AppCheck backend.

The 10k calls per day are only when a new token is generated, which means that if you expire tokens each day for example and have less than 10k users daily, you should not reach the limit.

However, the 2 000 000 calls per day are (from my understanding) the verify_token method of the firebase_admin_sdk to actually verify the token.

Upvotes: 0
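The two answers above say that attestation quota is consumed only when a new token is minted, not on every backend request. The following Python model is an added example, not code from the Firebase SDK or from either answerer; it counts both events for a simulated day. The class and function names, the token lifetimes and the even request spacing are assumptions, and the model ignores any early refresh a real SDK may do.

```python
# Added illustration: which events consume attestation quota when each
# device caches its App Check token. Names and TTL values are assumptions.
from dataclasses import dataclass

DAILY_ATTESTATION_QUOTA = 10_000  # baseline figure quoted in the question


@dataclass
class TokenCache:
    """Per-device cache: attests only when no unexpired token is held."""
    ttl_s: int                 # token lifetime in seconds (assumed value)
    expires_at: float = -1.0   # no token held yet
    attestations: int = 0      # quota-consuming calls to the provider

    def get_token(self, now: float) -> str:
        if now >= self.expires_at:      # missing or expired: mint a new one
            self.attestations += 1
            self.expires_at = now + self.ttl_s
        return f"token-valid-until-{self.expires_at:.0f}"  # placeholder


def simulate_day(devices: int, requests_per_device: int, ttl_s: int,
                 active_window_s: int = 86_400) -> tuple[int, int]:
    """Return (backend_requests, attestation_calls) for one day.

    Each device spreads its requests evenly over active_window_s seconds.
    """
    total_requests = total_attestations = 0
    step = active_window_s / requests_per_device
    for _ in range(devices):
        cache = TokenCache(ttl_s=ttl_s)
        for i in range(requests_per_device):
            cache.get_token(now=i * step)   # token attached to one request
            total_requests += 1
        total_attestations += cache.attestations
    return total_requests, total_attestations


def over_quota(attestation_calls: int) -> bool:
    return attestation_calls > DAILY_ATTESTATION_QUOTA


if __name__ == "__main__":
    for ttl in (86_400, 3_600):
        reqs, atts = simulate_day(devices=500, requests_per_device=48, ttl_s=ttl)
        print(f"ttl={ttl}s requests={reqs} attestations={atts} "
              f"over_quota={over_quota(atts)}")
```

In this model the attestation count depends on the number of active devices and the token lifetime, while the number of backend requests per device has no effect once a token is cached.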

j1mbl3s

Reputation: 1028

It means your application can make 10,000 calls per day to SafetyNet when clients interact with backend resources. You can fill out a form requesting to increase that limit - 10,000 is just the baseline. You should take a look at the documentation as suggested by Firebase.

Clients will send an App Check token with each request made to Firebase, and Firebase will validate the token before allowing access to resources when App Check is enforced/enabled in the console. The understanding is that this would be something similar to a JWT, so it is valid for some amount of time for any one app instance (or user).

Upvotes: 1
