Skip to main content

Overview

Apple App Attest lets the CDP backend cryptographically verify that requests come from your genuine, verified iOS app running on a real Apple device. The SDK handles attestation automatically. You only need to install the package and add one import statement, add a capability in Xcode, and configure the CDP Portal.

Prerequisites

  • A free CDP Portal account and project
  • A React Native app using the CDP React Native SDK
  • An Apple Developer account
  • A physical iOS device running iOS 14 or later (simulators are not supported)

Setup

1

Install packages

npx expo install @coinbase/cdp-app-attest react-native-device-info
react-native-device-info is required so the SDK can read your app’s bundle ID and match it against the configuration in the CDP Portal.
2

Add the import to your app entry point

Add the following import at the top of your app’s entry point:
import "@coinbase/cdp-app-attest";
This import self-registers the attestation module with the CDP SDK. No additional function calls are needed.
3

Enable App Attest in Xcode

  1. Open your project in Xcode.
  2. Select your app target.
  3. Go to Signing & Capabilities.
  4. Click + Capability and add App Attest.
This adds the com.apple.developer.devicecheck.appattest-environment entitlement to your app.
The CDP backend accepts both the development and production App Attest environments.
4

Configure your app in CDP Portal

Mobile Clients section in the Security tab of CDP Portal
In your project’s Security tab, click on Add app identifier in the Mobile section.This will open a 2-step verification modal that you will need to complete.
Add Android app 2-step verification in CDP Portal
To add an iOS app entry, you will need your Bundle ID and Apple Team ID.You may find your Apple Team ID in your Apple Developer Account.You may also find it in Xcode → select your app target → Signing & Capabilities. Your Team ID appears next to the Team dropdown (e.g. ABC123DEF4).
Add iOS App modal in CDP Portal
Click Add app identifier to save. Once saved, the CDP backend will begin enforcing attestation for requests from that app identity.

How it works

No additional code is required after the import. For operations that require it, such as login OTP requests, the SDK automatically attaches cryptographic proof with no user interaction required.
Validation is performed server-side by CDP and is entirely transparent to your users.
Enabling attestation in the portal takes effect immediately. Ensure the updated app version with @coinbase/cdp-app-attest installed and imported is fully rolled out to all your users before enabling attestation in the portal. If attestation is enabled while users are still on an older version without the package, they will experience authentication errors.

Troubleshooting

You will see this console warning:
Attestation module not registered. Install @coinbase/cdp-app-attest and add
`import '@coinbase/cdp-app-attest'` to your app's entry point.
The @coinbase/cdp-app-attest import is missing from your app entry point. Add it at the top of the file.
Apple App Attest requires a physical device. Run your app on a real iOS device for attestation to work.
  1. Verify the bundle ID in CDP Portal matches your app binary.
  2. Confirm @coinbase/cdp-app-attest is imported in your app entry point.
  3. Confirm react-native-device-info is installed.
  4. Confirm the App Attest capability is enabled in your entitlements.
  5. Confirm you are testing on a physical device, not a simulator.