Wouter

Reputation: 11

Android Retrofit YouTube Data V3 request using SHA-1

I am building an Android application that uses the YouTube Data API v3. I've been developing for some time without restricting access, and I'm trying to add application restrictions now. I keep getting the response "403 Requests from this Android client application <empty> are blocked." I am using Retrofit2 to make the request.

I am using the correct API key, since removing the restrictions makes the response valid.
The app is using the correct signature; I've checked this using ./gradlew signingReport and also in code using packageInfo.signatures. I am using a self-created certificate and loading it in my build.gradle.kts using the following code:

    signingConfigs {
        getByName("debug") {
            keyAlias = "debug"
            keyPassword = "password"
            storeFile = file("../.keystore/debug.keystore")
            storePassword = "password"
        }
    }

    buildTypes {
        debug {
            isMinifyEnabled = false
            isDebuggable = true
            signingConfig = signingConfigs.getByName("debug")
        }
    }

This is my current YoutubeService; just for testing, I've hard-coded the correct package name and SHA-1. Using the App Inspection network inspector, I can verify that it is using the headers.

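    import retrofit2.Call
    import retrofit2.http.GET
    import retrofit2.http.Header
    import retrofit2.http.Query

    interface YoutubeService {
        // GET <baseUrl>/search with the API key as a query parameter
        @GET("search")
        fun searchChannels(
            @Query("part") part: String,
            @Query("q") query: String,
            @Query("type") type: String,
            @Query("key") apiKey: String,
            @Query("maxResults") results: Int = 10,
            // Headers checked against the key's Android application restriction
            @Header("X-Android-Package") packageName: String = Companion.packageName,
            @Header("X-Android-Cert") sha1: String = Companion.sha1
        ): Call<YouTubeSearchResponse>

        companion object {
            // Hard-coded for testing; the fingerprint is redacted here
            private const val sha1 = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
            private const val packageName = "com.woutervandervelde.churchdashboard"
        }
    }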

My current Google Cloud configuration for the API key:

[Image: Google Cloud Credentials Key restrictions]

I've also tested making a request using Postman, with no luck either. Instead of saying <empty>, the response does use the correct package name.

[Image: Postman request to YouTube Data API v3, response 403]

Is there a step I am missing here? Thanks in advance!

Upvotes: 0

Views: 39
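An added example, not part of the original post and not Google's or the asker's code: one way to derive both restriction headers from the installed APK at runtime rather than hard-coding them, written as an OkHttp interceptor. It assumes the `X-Android-Cert` value is the signing certificate's SHA-1 as plain hex, without the colon separators that `./gradlew signingReport` prints; `certSha1`, `fingerprintToHeaderValue` and `AndroidKeyRestrictionInterceptor` are hypothetical names.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import java.security.MessageDigest
import okhttp3.Interceptor
import okhttp3.Response

// Hex-encodes the SHA-1 of a DER-encoded signing certificate.
// separator = ":" reproduces the form shown by `./gradlew signingReport`;
// separator = "" gives the colon-free form assumed here for X-Android-Cert.
fun certSha1(certDer: ByteArray, separator: String = ""): String =
    MessageDigest.getInstance("SHA-1")
        .digest(certDer)
        .joinToString(separator) { "%02X".format(it) }

// Converts a fingerprint copied from signingReport ("AB:CD:...") to the
// header form, rejecting anything that is not 20 bytes of hex.
fun fingerprintToHeaderValue(fingerprint: String): String {
    val hex = fingerprint.trim().replace(":", "").uppercase()
    require(hex.length == 40 && hex.all { it in "0123456789ABCDEF" }) {
        "not a SHA-1 fingerprint"
    }
    return hex
}

// Adds the package name and certificate digest of the running APK to every
// request, so the headers always match the build that is actually installed.
class AndroidKeyRestrictionInterceptor(context: Context) : Interceptor {
    private val packageName: String = context.packageName

    @Suppress("DEPRECATION") // same `signatures` field the question reads
    private val certHeader: String = run {
        val info = context.packageManager
            .getPackageInfo(packageName, PackageManager.GET_SIGNATURES)
        val signature = requireNotNull(info.signatures?.firstOrNull()) {
            "APK has no signing certificate"
        }
        certSha1(signature.toByteArray())
    }

    override fun intercept(chain: Interceptor.Chain): Response =
        chain.proceed(
            chain.request().newBuilder()
                .header("X-Android-Package", packageName)
                .header("X-Android-Cert", certHeader)
                .build()
        )
}
```

The interceptor is registered with `OkHttpClient.Builder().addInterceptor(...)` and the resulting client passed to `Retrofit.Builder().client(...)`. Both headers are ordinary client-supplied values, so an Android application restriction narrows casual reuse of a leaked key but does not authenticate the caller.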

Answers (0)
