Integrity API error -(8) #2

Open
SquadCraftFTW opened this issue Dec 2, 2023 · 7 comments

SquadCraftFTW commented Dec 2, 2023

Getting the following error when making a play integrity request, default presets:

-8: Integrity API error (-8): The calling app is making too many requests to the API and hence is throttled.

Retry with an exponential backoff.

(https://developer.android.com/reference/com/google/android/play/core/integrity/model/IntegrityErrorCode.html#TOO_MANY_REQUESTS).

herzhenr (Owner) commented Dec 2, 2023

Thank you for your feedback, also getting 1 star reviews on the Play Store because of this error...

The API key I use is limited to 10.000 API requests per day. Somehow this limit got reached; my app is now being used by many more people than in the past. I will try to limit the amount of API requests a user can make within the app and will have a look at YASNAC, which doesn't have this problem with many more users. I think the developer here uses multiple API keys, but I am not sure if this works with the Play Integrity API as well that easily.

There is also the option to request more quota on the API from Google, but I don't think they allow an app like mine to exceed the basic limit of 10.000 requests per day.

stevenxxiu commented Dec 2, 2023

What about letting the user use their own API key?

herzhenr (Owner) commented Dec 2, 2023

I had a look at the Play Integrity API, and multiple/own API keys are only an option for the old SafetyNet Attestation API. With the Play Integrity API, the app in the Play Store is linked to my Google Play Console project, which means there isn't the option for users to provide an API key themselves.

The only option I have is to request more quota from Google or limit the usage within the app. I could request more quota, but for that I would need to implement the API exactly like Google intends it, which means only using it for high-value actions and only if strictly necessary, as well as implementing exponential backoff if the request fails. In my app the user can trigger a request by themselves as often as they want, so I am pretty sure Google would deny my app if I submit the form.

But the real problem is the amount of API calls my app sends to the Play Integrity server per day. In the last month the app got quite a hype and was downloaded about 6.000 times at around ~200 downloads per day. Yesterday I saw a peak of 15.000(!) Play Integrity API requests in one day, which is much more than the average downloads in the last few days. My guess is that some users spam requests to the API, which results in this extremely high usage.

I am thinking about a local rate limit mechanism which limits such extreme usage but also doesn't stop normal users from sending a few requests for testing their device.

herzhenr added the bug label Dec 3, 2023
herzhenr self-assigned this Dec 3, 2023

mskonovalov commented

There was another app doing the same thing and Google declined increasing the API limit :(
So ideally user own API key

mskonovalov commented

Also the hype is because Google keeps banning custom ROMs from passing the check.
The app is very useful though

herzhenr (Owner) commented

I am currently implementing rate limiting which checks if a user makes too many requests in a short amount of time. I am currently thinking of allowing a request every 10 seconds and a maximum of 10 requests per five minutes which should be plenty enough for normal use and would prevent (accidental) request spamming to the API endpoint.
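
The limits proposed in the comment above (one request every 10 seconds, at most 10 per five minutes), together with the exponential backoff the error message asks for, as an added sketch that is not part of the thread or the app's code. The class and function names, the injectable clock and the backoff base and cap are assumptions made for illustration.

```python
import time
from collections import deque

MIN_INTERVAL_S = 10      # one request every 10 seconds (from the thread)
WINDOW_S = 5 * 60        # five-minute sliding window (from the thread)
MAX_PER_WINDOW = 10      # at most 10 requests per window (from the thread)


class IntegrityRequestLimiter:
    """Client-side gate in front of an integrity request (hypothetical name)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable so the limiter can be tested
        self._sent = deque()     # timestamps of allowed requests, oldest first

    def retry_after(self):
        """Seconds until the next request is allowed; 0.0 means allowed now."""
        now = self._clock()
        # Forget requests that have left the five-minute window.
        while self._sent and now - self._sent[0] >= WINDOW_S:
            self._sent.popleft()
        wait = 0.0
        if self._sent:
            # Spacing rule: measured from the most recent allowed request.
            wait = max(wait, self._sent[-1] + MIN_INTERVAL_S - now)
        if len(self._sent) >= MAX_PER_WINDOW:
            # Window rule: wait until the oldest request ages out.
            wait = max(wait, self._sent[0] + WINDOW_S - now)
        return wait

    def try_acquire(self):
        """Record and allow a request only if both limits permit it."""
        if self.retry_after() > 0:
            return False
        self._sent.append(self._clock())
        return True


def backoff_delay(attempt, base=1.0, cap=64.0):
    """Delay in seconds before retry `attempt` (0-based) after a throttling
    error such as -8; base and cap are assumed values, not Google's."""
    return min(cap, base * 2 ** attempt)
```

State here lives in memory, so restarting the app resets it; persisting the timestamps closes that gap. A limiter inside the client only curbs accidental spamming, since a modified client can skip it.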

realyukii commented Aug 23, 2024

Dumb question: Is it possible to generate a new API key for each user?
