Back to all articles
Security

Play Integrity API in 2026: Token Generation for Android Account Registration

Inside Play Integrity API in 2026: how device attestation tokens are generated for TikTok, Instagram, Telegram, WhatsApp, Snapchat, Discord, VK and any Android app. Why SafetyNet failed and integration costs.

REGHelp TeamPublished: 3/3/2026Updated: 3/4/202611 min read

Play Integrity & Device Attestation Guide

Device attestation APIs verify that an app is running on a genuine, unmodified device. Google's Play Integrity API (successor to SafetyNet Attestation) is the standard for Android device verification.

What Is Play Integrity?

Play Integrity API provides cryptographic attestation that:

  • The app binary hasn't been tampered with
  • The device is running a genuine Android build
  • The app was installed from Google Play Store
  • The device meets basic security requirements

Play Integrity vs SafetyNet

FeaturePlay IntegritySafetyNet (deprecated)
StatusActiveDeprecated (June 2024)
Verdict typesDevice, App, AccountBasic, CTS Profile
IntegrationPlay Services SDKPlay Services SDK
Token formatJSON Web TokenJWS

REGHelp Integrity API

Generate Play Integrity tokens for test applications without requiring physical devices:

curl -X POST https://api.reghelp.net/v2/integrity/tokens -H "X-API-Key: YOUR_KEY" -H "Content-Type: application/json" -d '{"appName":"tg","mode":"standard","requestHash":"order:12345"}'

Request body

ParameterTypeDescription
appNamestringApp slug supported by the service (e.g. tg, whatsapp)
modestringstandard (default) or classic
requestHashstringRequired only for Standard; up to 500 UTF-8 bytes
noncestringRequired only for Classic; Base64URL without line wrapping, 16–500 chars
webHookurlOptional callback for terminal status

Send the API key in X-API-Key. Package name, cloud project number, certificate and current APK versionCode are resolved by the server from its application registry. Standard rejects nonce; Classic rejects requestHash.

Then poll GET /v2/integrity/tokens/TASK_ID with the same X-API-Key header until status: "done".

Use Cases

  • App development — test integrity check flows during development
  • QA automation — include device attestation in automated test suites
  • Security research — study how integrity verification works
  • Monitoring — verify your integrity checks are functioning correctly