Using Google Api Key With Restriction In Android
Solution 1:
You can restrict the key to Android app and make an http REST call within my app by passing the android package name and sha-1 within the header of your https call:
"X-Android-Package":"your.androidpackage.id""X-Android-Cert":"0000000000000000000000000000000000000000"*be sure to remove the colons ':' in the sha.
You still need to pass and expose 'key' as a url param, but without the credentials in the header it will be blocked.
Solution 2:
If I understand correctly, you want to use Places API web service from your mobile app. Typically Google Maps APIs web services are supposed to be called from backend servers and they support only IP address restrictions.
I would suggest having a look at the following article regarding restrictions that can be set for different APIs
https://developers.google.com/maps/faq#keysystem
As you can see, Places API web service can use only IP address restriction. It doesn't make much sense sending Places API requests directly from mobile devices, because each device has its own IP address and you don't know IP addresses of users' devices. So, the only feasible workaround in order to protect an API key is creation of the intermediate backend server.
The app should send request to your intermediate server, the intermediate backend server should send Places API request to Google with protected API key restricted to IP address of your server and proxy results back to your app.
In this scenario you need two API keys. One for Google Maps Android SDK with Android app restriction and another one for Places API web service with IP address restriction.
I hope this helps!
Solution 3:
Android/Ios restriction will work in this case put your SHA over there in the place required and then your package name in case on Android.It will work,also enable the api which you are using from the console.
Post a Comment for "Using Google Api Key With Restriction In Android"