Safetynet calls in our app is failing frequently in production. We believe recent spike in consumer traffic and following limitation of Safetynet API may be causing the issue.
“If you trigger more than 5 calls per minute, you exceed the API's fixed rate limit, which causes the remaining requests during that minute to return an error.” Courtesy - https://developer.android.com/training/safetynet/attestation
We are however not sure if this limitation applies to per App per user or applies to API key. Please clarify.
Thanks
When your app communicates with SafetyNet, the service provides a response containing the result of the compatibility check and includes additional information in JSON Web Signature format.
Possible attestation error case
nullresult indicates that the call to the service didn't complete successfully.errorparameter indicates that an issue occurred, such as a network error or an error that an attacker feigned. Most errors are transient and should be absent if you retry the call to the service. You may want to retry a few more times with increasing delays between each retry.And to your question
Call to the SafetyNet Attestation API limited to 10,000 requests per day across all API keys in your project. If you need to make more than 10,000 requests per day across all API keys in your project you need to fill out this quota request form.
The another fixed limit policy allows only an individual to make 5 calls/min — on behalf of your application.
Rate limiting of the standard API is primarily on a per-user basis — or more accurately described, per user access token.