When using firebase or react-native-google-places-autocomplete, I need to supply an api key. Obviously, I can't use a native api key, as the calls are made using web clients. So I have to use a web api key. The problem is, I can't get it to be restricted in google console, because I have no referrer or IP address. Is there any way to solve this?
Access to the API using a key is limited to 300 requests per minute. Every API response includes the following set of headers to identify the status of your consumption.
The maps API key is not sensitive, in the sense that Google does not treat it as sensitive information.
If you must have an API key or a secret to access some resource from your app, the most secure way to handle this would be to build an orchestration layer between your app and the resource.
You cannot create a "restricted" key for react-native-google-places-autocomplete
, because it does not use the native SDKs. The only API key protection the is available, is to restrict the Google APIs that the key can use (e.g. Google Places, Geocode).
Even though it is not difficult to reverse engineer or check the network calls in a React Native App (or any app for that matter), the key is not out in the open like it would be on a website, where you can just open the dev tools and see the key). If you are concerned about someone using the key, I would recommend sending the api key on app startup, so that if the key were compromised you can swap out the key.
As mentioned in one of the other answers, react-native-google-places
uses the native Google Maps SDKs, and therefore it should be possible to use a restricted key with it.
Full disclosure: I am the current maintainer of react-native-google-places-autocomplete
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With