Update README.md

Added note not to use the verification API in the production scenario.

Author: hak

server/README.md

@@ -1,12 +1,13 @@
-Server SafetyNet Samples
+
+SafetyNet Samples
 ===================================
 
 This sample demonstrates how to verify the response received from the SafetyNet service.
 
 It shows how to extract the compatibility check response from the JWS message, validate its SSL certificate chain, hostname and signature.
 
 This check can be done completely offline (See `OfflineVerify.java`) or by using the _Android Verification API_ to verify the content and signature of the response (see `OnlineVerify`). This REST API requires you to register at the Google Developers console and register for an API key. Detailed steps are available [in the documentation] under _Validating the response with Google APIs_.
-
+Note: The API is rate-limited. For the reason, you should use the API only for testing during the initial development stage. You shouldn't use this verification API in a production scenario.
 
 Note that this sample only provides a basic overview over the verification process and does not cover all possibilities. For example,it is reccomended to always verify the nonce in the request as well. This sample also does not show the app-to-server communication.
 
@@ -52,7 +53,6 @@ Runing the Samples
 * Retrieve a signed statement from the Android app and copy it to your machine. (You can use the "Share Result" option.)
 * Build this server component and provide the signed statement as input.
 
-
 Support
 -------
 
@@ -83,4 +83,4 @@ License for the specific language governing permissions and limitations under
 the License.
 
 [key]: https://developer.android.com/training/safetynet/index.html#verify-compat-check "See Validating the response with Google APIs"
-[replay-attack]:https://en.wikipedia.org/wiki/Replay_attack
+[replay-attack]:https://en.wikipedia.org/wiki/Replay_attack