DeviceCheck is now enforced

September 17, 2024 by Lou Zell

Starting today, all new AIProxy services must be protected with DeviceCheck. Customers will no longer see the option to disable `protect_endpoints_with_device_check` while configuring their AIProxy services.

Apple's DeviceCheck is a key layer in our multi-level approach to security. When a request arrives at the AIProxy backend, the `aiproxy-device-check` header is pulled from the request. This header contains a token that is validated against Apple's servers. Apple tells us whether the token originated from Apple hardware running a signed version of your application.
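The server-side check described above, as an added JavaScript example (not AIProxy's own code): it builds the ES256 JWT and `validate_device_token` request that Apple's DeviceCheck API expects, and it fails closed on a missing header, a rejection or an outage. The function names, the synchronous injected `post` transport, the placeholder team and key IDs and the throwaway key are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// ES256 JWT used as the Bearer credential for Apple's DeviceCheck API.
function makeAppleJwt(teamId, keyId, privateKey, nowSec) {
  const head = b64url(JSON.stringify({ alg: 'ES256', kid: keyId }));
  const body = b64url(JSON.stringify({ iss: teamId, iat: nowSec }));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }); // raw r||s, as JWS requires
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Request for Apple's validate_device_token endpoint (production host).
function buildValidation(deviceToken, jwt, nowMs) {
  return {
    url: 'https://api.devicecheck.apple.com/v1/validate_device_token',
    headers: { Authorization: `Bearer ${jwt}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({
      device_token: deviceToken,
      transaction_id: crypto.randomUUID(),
      timestamp: nowMs, // milliseconds since the epoch
    }),
  };
}

// Hypothetical gate. `headers` uses lower-case keys, as Node's HTTP server does.
// `post` is an injected transport (assumption) that returns the HTTP status.
function checkRequest(headers, cfg, post, nowMs = Date.now()) {
  const token = headers['aiproxy-device-check'];
  if (typeof token !== 'string' || token.length === 0) {
    return { allowed: false, reason: 'missing device check header' };
  }
  const jwt = makeAppleJwt(cfg.teamId, cfg.keyId, cfg.privateKey, Math.floor(nowMs / 1000));
  let status;
  try {
    status = post(buildValidation(token, jwt, nowMs));
  } catch (err) {
    return { allowed: false, reason: 'validation service unreachable' }; // fail closed
  }
  return status === 200
    ? { allowed: true, reason: 'token accepted' }
    : { allowed: false, reason: `token rejected (status ${status})` };
}

// Constructed sample: throwaway P-256 key and placeholder IDs, not real credentials.
const demoKeys = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const demoCfg = { teamId: 'TEAMID0000', keyId: 'KEYID00000', privateKey: demoKeys.privateKey };
```
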

Integrating with DeviceCheck places an initial burden on our customers. It takes a few minutes of poking around in the Apple developer dashboard to configure the necessary context. As such, we made DeviceCheck an optional feature, with the aim of seeing working requests from our customers as quickly as possible. However, with this optionality came a cost: it was too easy for customers to forget to enable DeviceCheck before shipping to the App Store.

Going forward, we're placing a slightly higher burden upfront (configuring DeviceCheck during development) for additional safety in production.

Please see the Integration guide for step-by-step instructions on configuring DeviceCheck.