I'm currently implementing Firebase App Check in my application and have a question about API request quotas. The Firebase documentation mentions a limit of 10,000 total requests per day across all installs for Google Play Integrity API. However, I'm unclear on which operations count towards this limit, specifically in the context of token verification.
I understand that obtaining a token is an API request, but I'm uncertain if verifying the token in my backend also counts as an API request. Here's a snippet of my code using the Python SDK of Firebase App Check:
from firebase_admin import app_check
from firebase_admin import credentials
cred = credentials.Certificate("my_cert_file.json")
firebase_app = firebase_admin.initialize_app(cred)
app_check_token = "my-app-check-token"
app_check_claims = app_check.verify_token(app_check_token)
My main question is: Does the verify_token function make an API request that counts towards our daily quota?
In my research, I found this GitHub issue stating that "Obtaining the Firebase App Check public JSON Web Key Set is the only outgoing request for the app check verify token API". Further examination of the Firebase Admin Python SDK repository showed that a request is made to "https://firebaseappcheck.googleapis.com/v1/jwks" to obtain the RSA public keys.
However, I'm still unsure if this operation impacts our daily API request quota. Clarity on this matter is crucial for designing the workflows.
I would appreciate it if anyone with certain knowledge about this could help me.