Verifies an iOS client is a real iOS device. If the request is valid, a receipt will be sent in the response and a secret will be sent via Apple Push Notification Service. The client should send both of them back to certain Identity Platform APIs in a later call (for example, /accounts:sendVerificationCode), in order to verify the client. The bundle ID is required in the request header asx-ios-bundle-identifier.
AnAPI keyis required in the request in order to identify the Google Cloud project.
HTTP request
POST https://identitytoolkit.googleapis.com/v1/accounts:verifyIosClient
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-30 UTC."],[[["\u003cp\u003eThis API verifies if an iOS client is a real device, sending a receipt in the response and a secret via Apple Push Notification Service upon successful validation.\u003c/p\u003e\n"],["\u003cp\u003eThe client must provide its bundle ID in the request header (\u003ccode\u003ex-ios-bundle-identifier\u003c/code\u003e) and an API key for Google Cloud project identification.\u003c/p\u003e\n"],["\u003cp\u003eThe request body requires an \u003ccode\u003eappToken\u003c/code\u003e (a device token from APNs) and an \u003ccode\u003eisSandbox\u003c/code\u003e flag to indicate the environment type (sandbox or production).\u003c/p\u003e\n"],["\u003cp\u003eThe response body contains a \u003ccode\u003ereceipt\u003c/code\u003e confirming the app token's validation and a \u003ccode\u003esuggestedTimeout\u003c/code\u003e indicating the recommended waiting time for the push notification.\u003c/p\u003e\n"],["\u003cp\u003eAuthorization requires either the \u003ccode\u003ehttps://www.googleapis.com/auth/identitytoolkit\u003c/code\u003e or \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope.\u003c/p\u003e\n"]]],[],null,["# Method: accounts.verifyIosClient\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n - [JSON representation](#body.VerifyIosClientResponse.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n- [Try it!](#try-it)\n\nVerifies an iOS client is a real iOS device. If the request is valid, a receipt will be sent in the response and a secret will be sent via Apple Push Notification Service. The client should send both of them back to certain Identity Platform APIs in a later call (for example, /accounts:sendVerificationCode), in order to verify the client. The bundle ID is required in the request header as `x-ios-bundle-identifier`.\n\nAn [API key](https://cloud.google.com/docs/authentication/api-keys) is required in the request in order to identify the Google Cloud project.\n\n### HTTP request\n\n`POST https://identitytoolkit.googleapis.com/v1/accounts:verifyIosClient`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nResponse message for accounts.verifyIosClient.\n\nIf successful, the response body contains data with the following structure:\n\n### Authorization scopes\n\nRequires one of the following OAuth scopes:\n\n- `https://www.googleapis.com/auth/identitytoolkit`\n- `\n https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp)."]]
