Stop API abuse at the edge.

Verify that every request comes from a legitimate installation of your app running on a genuine Apple device. Perfect for Supabase Edge Functions.

attestation.ts
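import { verifyAttestation } from '@bradford-tech/supabase-integrity-attest'

// keyId and attestation are sent by the app; challenge is the one-time
// value your server issued for this attestation.
const result = await verifyAttestation(
  { appId: 'TEAMID1234.com.example.app' },
  keyId,
  challenge,
  attestation,
)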

supabase-integrity-attest

Server-side Apple App Attest verification for Supabase Edge Functions, built entirely on WebCrypto.

New to App Attest?

Understand the problem this library solves and get set up in minutes.

Ready to integrate?

Jump straight to setting up verification in your Supabase Edge Functions.

API reference

Full function signatures, parameter details, and error code reference.

Design & architecture

Understand the implementation: why WebCrypto, why not pkijs, and the verification pipeline.


What this library does

Mobile apps embed API keys that are trivially extractable via MITM tools like mitmproxy. IP-based rate limiting is just as easily bypassed with rotating proxies. Apple's App Attest solves this by leveraging the Secure Enclave to create hardware-backed cryptographic proof that requests originate from a genuine app on a real device.

This library verifies those proofs server-side. It handles the full attestation verification pipeline (CBOR decoding, X.509 certificate chain validation, nonce verification, key extraction) and the per-request assertion signature check — all using the WebCrypto API so it runs natively in Deno and Supabase Edge Functions without any Node.js compatibility issues.
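One part of the attestation pipeline described above, as an added example that is not the library's own code: the authenticator-data checks from Apple's published validation steps (RP ID hash, zero counter, environment AAGUID, credential ID equal to the key ID). The function names, result labels and sample bytes are assumptions constructed for this illustration.

```javascript
// Added illustration, not the library's source. Offsets follow the WebAuthn
// authenticator-data layout that App Attest reuses; result labels are hypothetical.
const enc = new TextEncoder();
const AAGUID_DEV = enc.encode('appattestdevelop');
const AAGUID_PROD = new Uint8Array(16); // 'appattest' followed by seven 0x00 bytes
AAGUID_PROD.set(enc.encode('appattest'));

// Length-checked compare that does not stop at the first differing byte.
function bytesEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

function parseAuthData(authData) {
  if (authData.length < 55) throw new Error('authData too short');
  const view = new DataView(authData.buffer, authData.byteOffset, authData.byteLength);
  const credLen = view.getUint16(53); // big-endian length prefix
  if (authData.length < 55 + credLen) throw new Error('credentialId truncated');
  return {
    rpIdHash: authData.subarray(0, 32),
    signCount: view.getUint32(33),
    aaguid: authData.subarray(37, 53),
    credentialId: authData.subarray(55, 55 + credLen),
  };
}

// expectedRpIdHash: SHA-256 of the App ID, computed by the caller (e.g. WebCrypto digest).
// keyId: raw bytes of the key identifier the client registered.
function checkAttestationAuthData(authData, expectedRpIdHash, keyId, production) {
  const f = parseAuthData(authData);
  if (!bytesEqual(f.rpIdHash, expectedRpIdHash)) return 'RP_ID_MISMATCH';
  if (f.signCount !== 0) return 'NONZERO_COUNTER';
  if (!bytesEqual(f.aaguid, production ? AAGUID_PROD : AAGUID_DEV)) return 'WRONG_ENVIRONMENT';
  if (!bytesEqual(f.credentialId, keyId)) return 'KEY_ID_MISMATCH';
  return 'OK';
}

// Constructed sample (placeholder bytes, no COSE key appended, not from a real device).
function sampleAuthData(rpIdHash, signCount, aaguid, credId) {
  const out = new Uint8Array(55 + credId.length);
  const view = new DataView(out.buffer);
  out.set(rpIdHash, 0);
  out[32] = 0x40; // flags: attested credential data present
  view.setUint32(33, signCount);
  out.set(aaguid, 37);
  view.setUint16(53, credId.length);
  out.set(credId, 55);
  return out;
}
```

Rejecting a development AAGUID in production matters because development attestations are issued by Apple's sandbox environment and should not be accepted by a production backend.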


Install

# Deno / JSR
deno add jsr:@bradford-tech/supabase-integrity-attest
# Node.js / npm
npm install @bradford-tech/supabase-integrity-attest