Production-Grade Implementation Guidance: DCError Matrices, Retry Strategies, and Simulator Testing for App Attest APIs

Privacy & Security General
Nirekshitha OP
Created 3h
Replies 0
Boosts 0
Views 8
Participants 1

Hi there,

We're implementing Apple's DeviceCheck App Attest for production iOS authentication. The public documentation defines DCError cases but doesn't specify which errors are expected per API method or recommend retry/remediation strategies. We need Apple's guidance to implement robust, production-aligned error handling before rollout.

1. Error Surface per API Method

Question: Can you confirm the complete, officially expected set of DCError values for each method?

We understand the following errors are possible across App Attest APIs:

  • invalidKey
  • invalidInput
  • featureUnsupported
  • serverUnavailable
  • unknownSystemFailure

Specifically, please confirm which errors can occur for:

  • DCAppAttestService.generateKey()
  • DCAppAttestService.attestKey(_:clientData:)
  • DCAppAttestService.generateAssertion(keyID:clientData:)

Are there any additional undocumented or edge-case errors we should handle?

2. Retry Strategy & Remediation Matrix

Question: For each API method and error code, please help us with proposal around which errorCode is retriable, whats the remediation pre retry, retry cap and backoff strategy:

Kindly also help with errors that are not covered here:

Specific sub-questions:

  1. invalidKey handling: When this error occurs:

    • Should the app delete the key and call generateKey again?
    • Or should it fail the entire flow?

  2. serverUnavailable handling:

    • Should we retry immediately, or wait before retrying?
    • Is exponential backoff recommended?
    • What's the recommended max retry count?

  3. Backoff strategy:

    • Which errors (if any) qualify for exponential backoff?
    • Recommended base delay, max delay, and jitter approach?
    • When should we give up and fail the request?

  4. unknownSystemFailure:

    • Is this retriable or should we fail?
    • Any known causes or mitigations?

3. Simulator Testing

Questions:

  1. Simulator API behavior:
    • Can App Attest APIs be called normally on iOS Simulator? If not, is there a way to simulate for testing.
    • Do they complete successfully with simulated attestations, or do they fail?

Thanks, Nirekshitha

Replies  0
Boosts  0
Views  8
Participants  1
Production-Grade Implementation Guidance: DCError Matrices, Retry Strategies, and Simulator Testing for App Attest APIs
First post date Last post date
 
 
Q