{"id":4347,"library":"devicecheck","title":"Apple DeviceCheck API","description":"The `devicecheck` Python library provides a wrapper for the Apple DeviceCheck API, allowing developers to manage device state and assert app integrity to reduce fraudulent use of services. It supports both synchronous and asynchronous operations. The library is actively maintained, with regular releases, currently at version 1.3.3.","status":"active","version":"1.3.3","language":"en","source_language":"en","source_url":"https://github.com/Kylmakalle/devicecheck","tags":["Apple","DeviceCheck","fraud","security","asyncio","iOS","authentication"],"install":[{"cmd":"pip install devicecheck","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"symbol":"DeviceCheck","correct":"from devicecheck import DeviceCheck"},{"note":"Asyncio specific classes are in a dedicated 'asyncio' submodule since v1.3.0.","wrong":"from devicecheck import AsyncioDeviceCheck","symbol":"AsyncioDeviceCheck","correct":"from devicecheck.asyncio import AsyncioDeviceCheck"},{"symbol":"validate_device","correct":"from devicecheck.decorators import validate_device"},{"symbol":"DCSupportedFrameworks","correct":"from devicecheck.decorators import DCSupportedFrameworks"},{"symbol":"async_validate_device","correct":"from devicecheck.decorators import async_validate_device"},{"symbol":"DCSupportedAsyncFrameworks","correct":"from devicecheck.decorators import DCSupportedAsyncFrameworks"}],"quickstart":{"code":"import os\nfrom devicecheck import DeviceCheck\n\n# Configure DeviceCheck client using environment variables for security\ndc_client = DeviceCheck(\n    team_id=os.environ.get(\"APPLE_TEAM_ID\", \"\"),\n    bundle_id=os.environ.get(\"APPLE_BUNDLE_ID\", \"\"),\n    key_id=os.environ.get(\"APPLE_KEY_ID\", \"\"),\n    private_key=os.environ.get(\"APPLE_PRIVATE_KEY_PATH\", \"\"),\n    dev_environment=bool(os.environ.get(\"DC_DEV_ENVIRONMENT\", \"False\").lower() == \"true\"),\n    # Set raise_on_error=True to get Python exceptions on API errors\n    raise_on_error=True\n)\n\n# IMPORTANT: Replace with an actual device token generated by your iOS app\n# For testing, you might use a mocked token if the library supports it via env vars.\ndevice_token = os.environ.get(\"TEST_DEVICE_TOKEN\", \"YOUR_ACTUAL_DEVICE_TOKEN_HERE\")\n\nif not device_token:\n    print(\"Error: TEST_DEVICE_TOKEN environment variable not set, or placeholder not replaced.\")\n    print(\"Please provide a valid device token from your iOS app for real testing.\")\nelse:\n    try:\n        # Validate the device token\n        validation_result = dc_client.validate_device_token(device_token)\n        \n        if validation_result.is_ok:\n            print('Device is valid!')\n            # Example: Query bits data if needed\n            # bits_data = dc_client.query_two_bits(device_token)\n            # print(f'Bit 0: {bits_data.bit0}, Bit 1: {bits_data.bit1}')\n        else:\n            print(f'Device validation failed: {validation_result.description}')\n\n    except Exception as e:\n        print(f\"An error occurred during DeviceCheck operation: {e}\")","lang":"python","description":"This quickstart demonstrates how to initialize the `DeviceCheck` client and validate a device token. It uses environment variables for sensitive Apple credentials, which is a recommended security practice. Remember to obtain `team_id`, `bundle_id`, `key_id`, and the `private_key` path from your Apple Developer account, and set `dev_environment` appropriately for your testing or production environment. The `device_token` must be generated by your iOS application on a physical device."},"warnings":[{"fix":"Refer to the library's GitHub README or documentation for updated decorator usage patterns.","message":"Decorators for web frameworks (`@validate_device`, etc.) were reworked in version 1.2.0. If you were using these decorators prior to this version, review the changes and update your implementation accordingly.","severity":"breaking","affected_versions":">=1.2.0"},{"fix":"Always set `dev_environment=False` in production deployments and `True` (or omit if default desired) for development/sandbox environments. Use environment variables for configuration.","message":"The `dev_environment` parameter in `DeviceCheck` initialization is crucial. It defaults to `True` (development) for new instances. Ensure it is explicitly set to `False` in production to interact with Apple's production DeviceCheck environment. Incorrect setting will lead to validation failures or incorrect bit states.","severity":"gotcha","affected_versions":"All"},{"fix":"Test DeviceCheck functionality on actual iOS hardware. Use mock environment variables (e.g., `MOCK_DEVICE_CHECK_DECORATOR_TOKEN`) for local development if real device testing is not feasible for every iteration.","message":"Apple's DeviceCheck API, and by extension this library, only works on physical iOS devices. It will not function correctly on simulators.","severity":"gotcha","affected_versions":"All"},{"fix":"For asyncio, use `from devicecheck.asyncio import AsyncioDeviceCheck`. The rest of the asynchronous network methods will need to be `await`ed.","message":"Version 1.3.0 introduced dedicated asyncio support. When working with asynchronous code, ensure you import `AsyncioDeviceCheck` from `devicecheck.asyncio` instead of the top-level `DeviceCheck` class to leverage `async/await` functionality.","severity":"gotcha","affected_versions":">=1.3.0"},{"fix":"Store the private key path or content in an environment variable (`APPLE_PRIVATE_KEY_PATH` or `APPLE_PRIVATE_KEY_CONTENT`) and retrieve it at runtime. Ensure proper access controls are on the `.p8` file.","message":"The private key (`.p8` file) used for authentication with Apple's API is highly sensitive. It should never be hardcoded or committed directly into source control. Always load it securely, for example, from an environment variable or a secure vault at runtime.","severity":"gotcha","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}