This is the App Device Integrity Server. It can be used in conjunction with the App Device Integrity for Flutter.
Note that this project is intended to be a reference on how we can implement this anti-fraud feature on the server side.
For Apple App Attest, I have used the appattest-checker-node package, but feel free to adapt and use another one, like the node-app-attest
Here is an example of how we can make a post request data body after we receive the attestationToken and keyId on iOS:
{
"challenge" : "challenge_generated_by_server",
"attestToken" : "attest_token_in_base64_format",
"platform" : "IOS",
"keyId" : "keyid_from_app_attest"
}
It is recommended as a good practice to use a database like MongoDB to store challenges and, mainly, keyIds from iOS devices, to improve fraud attempts.
