Configure capabilities

Create a DeviceCheck private key

To authenticate communication with the DeviceCheck service, you’ll use a private key enabled with DeviceCheck.

First create and download a private key with DeviceCheck enabled. Then get the key identifier (kid) to create a JSON Web Token (JWT) that you’ll use to communicate with the capabilities you enabled. To use this identifier in a DeviceCheck JWT, visit Accessing and Modifying Per-Device Data.

If you suspect a private key is compromised, first create a new private key with DeviceCheck enabled. Then, after transitioning to the new key, revoke the old private key.

To learn about the DeviceCheck API, visit DeviceCheck.

Required role: Account Holder or Admin.