Ibrahim Atef Elmasry
Reputation: 119
How to create restricted Api Key to use directions api?
i'm creating an app that's draw routes between users using only firestore to update users location.
the problem is to use direction api i need Restricted key using (server IP addresses) what should i do ? i don't have server i'm using only firestore
Upvotes: 0
Views: 1586
Answers (2)
rafon
Reputation: 1542
Since your application is using a web service (Directions API), I believe you'll have to do the following to secure your API key:
- Apply an API restriction on the API key. This action narrows the scope of the API key to the APIs you associate with the key.
- Obfuscate or encrypt the API key. This action complicates key scraping attempts directly from the application.
- Use CA pinning or certificate pinning to verify the server resources are valid. CA pinning checks that a server's certificate was issued by a trusted certificate authority, and prevents Man-In-The-Middle attacks that could lead to a third party discovering your API key. Certificate pinning goes further by extracting and checking the public key included in the server certificate. Pinning is useful for mobile clients communicating directly with Google servers, as well as mobile clients communicating with the developer's own proxy server.
- Use a proxy server. The proxy server provides a solid source for interacting with the appropriate Google Maps Platform API.
More can be found in our public documentation On mobile apps that use Maps Web Service APIs of this Protecting API Keys
Upvotes: 1
Jean Gladys Raymundo
Reputation: 587
For Android application, you may restrict your Google Maps API key with "Android apps" .
Based on the docs:
To restrict an API key:
- Go to the Google Cloud Platform Console.
- From the Project drop-down menu, select the project that contains the API key you want to secure.
- From the Navigation menu, select APIs & Services > Credentials.
- On the Credentials page, click the name of the API key that you want to secure.
- On the Restrict and rename API key page, set the restrictions: Application restrictions:
- Select Android apps and follow the instructions.
- Click + Add package name and fingerprint.
- Enter your package name and SHA-1 certificate fingerprint. For example:
com.example.android.mapexampleBB:0D:AC:74:D3:21:E1:43:67:71:9B:62:91:AF:A1:66:6E:44:5D:75
Upvotes: 0
Related Questions
- Protect Google Maps API key with Restriction for Ionic app
- How to use Google-Directions-Android library with a restricted API key
- How to restrict Google Map API key in mobile app?
- Website Restrict Google Maps API key dynamicly via SDK
- Restrict Google Directions API key in Flutter
- Android Google Maps Direction Api - Api key restriction not working
- Directions and API key
- Using Google Maps Directions API in android - what kind of API key is needed?
- use Google Maps Directions API without key on android app
- Google Directions API limit