Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

This IP, site or mobile application is not authorized to use this API key - Android App

Tags:

android

google-maps

api

I am attempting to limit the usage of my Android API key (for Google Maps Direction API) to Android Apps that are signed with my SHA-1 fingerprints. The key will work perfectly fine when I do not "Add package name and fingerprint" under the Credentials on the Google Developers Console. But when I Add them this error comes up:

W/System.err: com.google.maps.errors.RequestDeniedException: This IP, site or mobile application is not authorized to use this API key. Request received from IP address XX.XX.XXX.XXX, with empty referrer

The majority of the answers that are given to solve this error are for the Places API and solve it by switching to a Server API key. I need to use an Android key and want to limit the users of that key.

Points I noticed:

  1. Google does recognize I am using a valid API key.
  2. Google does recognize the correct SHA-1 signature, Google will show an error with the signature if I use an invalid API key.

Any help would be much appreciated!

like image 744
BrianMiz Avatar asked Dec 29 '15 18:12

BrianMiz

1 Answers

As you have found, any API key will work here as long as it's not secured, but a secured Android API key will not work for the Google Maps Directions API.

Quite simply, you need to use a Server API key for the Directions API (or any of the webservice APIs).

From the documentation::

The Google Maps Directions API will only work with a Server key.

The reason for this is that these webservice APIs were originally intended to be used on websites, not in Android apps.

Furthermore, the only way to secure a Server key is with an IP address, so there is no way to do it client-side.

The official recommendation from Google is to use a proxy server that the app makes requests to, and make the Directions API request from the proxy server.

See here (This is specific to the Places webservice API, but it's valid for any of the webservice APIs): https://groups.google.com/forum/#!topic/google-places-api/SmujrL-pDpU

Response from Google employee:

Alexey,

Anything stored client side is compromisable, even with obfuscating, you are only making it somewhat slower for a dedicated hacker to access.

I would suggest you set up your application to send your Places requests without the API Key to a proxy server to receive the request, append the API Key to the end of the request, send the request, and then receive and return the response from the request to your application.

Cheers,

Chris

like image 168
Daniel Nugent Avatar answered Sep 20 '22 05:09

Daniel Nugent
Sign in to Comment

Related questions

Minimum sdk for recycleview and pros/cons of replacing listviews with it
CoordinatorLayout with Tabs in android?
ItemTouchHelper and SwipeRefreshLayout (RecyclerView)
"No resource found" errors when building app
How to pass a ArrayList<Point> for a jni C++ function?
ion-refresher - spinner not showing
Android Studio gradle sync, try to download jar instead of aar by mistake
How to set Bold text to Android Snackbar Action Text?
could not open initscript class cache for initialization script
Can't update build.gradle to use support library 23.0.1
How to handle shouldInterceptRequest parameter change in API21?
Android Volley library: do we always have to repeat Response.Listener and Response.ErrorListener
How can I use a Color as placeholder image with Picasso?
should i delete .AndroidStudio1.2 folder now
Android App crash after taking picture "Unable to find the default constructor" On LG 4G Stylus
RecyclerView: Go to a position not scroll to
Exclude hidden Google AdMob ads dependency from Android app
Reselecting correct NavigationView menu item after pressing back button
Change ToolBar default icon on the left
Do library dependency increase size of APK?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!