Backend Blues? Protect Your Backend Resources from Abuse
Are you tired of worrying about outside actors accessing your backend resources and racking up unwanted costs? Do you want to ensure that you’re only paying for traffic generated by your app and not from malicious sources? Look no further, because in this talk, we will show you how to protect your backend resources by validating that incoming requests are coming from your apps on authentic, untampered devices, or from your hosted domains.
We will cover the attestation steps to ensure that the incoming traffic to your protected backend resources are from your client apps (app and device authentication) on the following platforms using Firebase App Check.
* Apple platforms with DeviceCheck or App Attest
* Android with Play Integrity
* Web apps with reCAPTCHA v3 or reCAPTCHA Enterprise
* Flutter (Play Integrity, reCAPTCHA)
You will learn how to:
1. Generate a Firebase App Check token in your client application (Android, iOS, Flutter, and Web).
2. Include the App Check token in the outgoing request to your protected backend service.
3. Validate incoming requests in your backend service in a language-agnostic way.
4. Validate incoming requests in your Node.js, Go, Python, and Java backend services using Firebase Admin SDK.
Speaker: Lahiru Maramba
Software Engineer, Firebase at Google
Date: 12 May 2023
Time: 11:50 - 12:20