Setting Up DeviceCheck for KVProxy

KVProxy uses Apple’s DeviceCheck service to verify that requests to your proxy originate from your legitimate iOS app. This allows us to prevent unauthorized clients from replaying requests or abusing your API keys.

To enable this protection, you’ll need to generate a DeviceCheck private key (.p8) in your Apple Developer account and upload it to the Certificates tab inside the KVProxy dashboard.

This guide walks you through the process.

Step 1 — Log in to Apple Developer

  1. Go to the Apple Developer portal: https://developer.apple.com/account

  2. Sign in with the Apple ID associated with your developer account.

  3. Locate the Certificates, Identifiers & Profiles section:

Certificates, Identifiers & Profiles

Step 2 — Create a DeviceCheck Key

  1. In the Certificates, Identifiers & Profiles section, click on Keys.

  2. Click the “+” button to create a new key.

Add Key

  1. Give the key a name, for example: "KVProxy DeviceCheck"

  2. Under Key Services, check DeviceCheck

Make Key

  1. Click Continue, then Register.

Register

Step 3 — Download the .p8 File

After registering:

  1. Click Download to download your .p8 file.
  2. Save this file somewhere secure.

⚠️ Important: Apple only allows you to download the .p8 file once. If you lose it, you must revoke the key and generate a new one.

Step 4 — Copy Your Key ID and Team ID

You will now need:

  • Key ID
  • Team ID
  • The downloaded .p8 file

On the Keys page, you’ll see your newly created key listed. The Key ID is displayed in the table. Your Team ID is rendered in the top left.

Finding Keys and Team

Step 5 — Upload to KVProxy

  1. Log in to your KVProxy dashboard.
  2. Navigate to the Certificates tab.
  3. Provide:
    • The .p8 file
    • Your Key ID
    • Your Team ID

Once uploaded, KVProxy will immediately begin validating DeviceCheck tokens issued by any iOS app associated with your team.

What Happens Next?

After this step:

  • Your iOS app will generate DeviceCheck tokens.
  • KVProxy will verify those tokens server-side.
  • Only validated devices will be allowed to proxy requests using your protected API keys.

This ensures:

  • API keys never live in your client
  • Only your legitimate app can make requests
  • Unauthorized scripts or extracted binaries cannot abuse your third-party credentials

Troubleshooting

If you:

  • Lose your .p8 file → Revoke the key and generate a new one.
  • Upload the wrong Team ID or Key ID → Update the values in the Certificates tab.
  • See validation errors → Ensure that your app is signed by the same team associated with the certificate.

If you need help, contact support@kvproxy.com and include:

  • Your project slug
  • Key ID
  • Team ID
  • The error message you're seeing