DeviceCheck tokens are "single-use" - How do I read and update the bits (2 calls) within the same backend request?

Hey,

the documentation for the generateToken() method states:

Your server uses the generated token in its requests to get or set the persistent bits for the current device. You should treat the token you receive in the completion block as single-use. Although the token remains valid long enough for your server to retry a specific request if necessary, you should not use a token multiple times. Instead, use this method to generate a new token.

Now, what I want to do in my backend is:

  1. Read the current bits to decide if an action is allowed
  2. If the action is allowed, update the bits

That's 2 calls to the DeviceCheck API, so I would need 2 tokens, right? But I want to do this in a single call to my backend.

Is it fine for the device to generate send 2 tokens at the same time? Or can I actually use a single token for both calls, and "single-use" just means I should not store it?

Thanks!

DeviceCheck tokens are "single-use" - How do I read and update the bits (2 calls) within the same backend request?
 
 
Q