Android Play Integrity Setup
Goal: enable Play Integrity for your app and send PushWave the required SHA-256 certs and package name. No Google API key is needed.
1) Enable Play App Signing
- In Play Console, open your app → Setup → App integrity.
- Ensure Play App Signing is ON. Google manages the app signing key.
2) Enable Play Integrity API
- In the same App integrity section, enable Play Integrity API.
- You don’t need to generate an API key for PushWave decode (we use our own service account).
3) Get your SHA-256 fingerprints
- Still under App integrity → App signing:
- Copy the App signing certificate SHA-256 (the key Google uses).
- Copy the Upload certificate SHA-256 (your upload key).
- If you rotated or have additional keys, include those too.
- Remove colons when sending to PushWave (e.g.,
D39C3F8240...notD3:9C:...).
4) Provide to PushWave
packageName- All SHA-256 certs (App signing + upload + any rotations).
- Your PushWave public API key (client) and project secret (header) when calling our API.
5) SDK note (cloud project number)
- The PushWave SDK will call Play Integrity with our cloud project number; ensure you use the latest SDK so the token is emitted for the correct project.
- Build via Play tracks (internal/closed is fine); sideload/Expo Go is not supported for attestation.
That’s it. Once supplied, PushWave will validate Play Integrity tokens against these SHA-256 digests. No Google API key is required on your side for decode.