Determining development/production environment for DeviceCheck

App & System Services General
endecotp OP
Created Mar ’22
Replies 1
Boosts 0
Views 1.1k
Participants 1

Is there a recommended way to determine whether to use the development or the production server API endpoint for DeviceCheck?

For App Attest, the authenticator data includes either "appattest" or "appattestdevelop" in a field of the cbor data. For IAPs, we're supposed to try the production endpoint and then retry with the development endpoint if we get a particular HTTP status code. But the docs for DeviceCheck say only to use the development endpoint in development and the production endpoint in production.

What are others doing? Is there any clue in the docs that I have missed?

Replies  1
Boosts  0
Views  1.1k
Participants  1
endecotp OP
Mar ’22

I asked Developer Technical Support about this, and they suggested that I should use "#ifdef DEBUG".

I am not convinced that that is a sensible approach. (Surely people test non-debug build before shipping, right?)

There is a stack overflow question about this:

https://stackoverflow.com/questions/3426467/how-to-determine-at-run-time-if-app-is-for-development-app-store-or-ad-hoc-dist

The most popular idea there is to inspect the embedded.mobileprovision file.

Has anyone here done that?

0
Determining development/production environment for DeviceCheck
First post date Last post date
 
 
Q