这个IP,网站或移动应用程序无权使用这个API密钥。 [英] This IP, site or mobile application is not authorized to use this API key.
问题描述
我试图限制我的Android API密钥(谷歌地图API的方向),以Android应用了与我的SHA-1指纹签署的使用。关键将工作完全正常的时候,我不就谷歌开发者控制台证书下的添加包名称和指纹。但是,当我加入他们这个错误出现:
I am attempting to limit the usage of my Android API key (for Google Maps Direction API) to Android Apps that are signed with my SHA-1 fingerprints. The key will work perfectly fine when I do not "Add package name and fingerprint" under the Credentials on the Google Developers Console. But when I Add them this error comes up:
W / System.err的:com.google.maps.errors.RequestDeniedException:这个IP,网站或移动应用程序无权使用这个API密钥。从IP地址XX.XX.XXX.XXX接收到的请求,空引用
W/System.err: com.google.maps.errors.RequestDeniedException: This IP, site or mobile application is not authorized to use this API key. Request received from IP address XX.XX.XXX.XXX, with empty referrer
大多数被给予解决这个错误的答案都为邻居API和通过切换到服务器API密钥解决它。我需要使用Android键,要限制密钥的用户。
The majority of the answers that are given to solve this error are for the Places API and solve it by switching to a Server API key. I need to use an Android key and want to limit the users of that key.
点我注意到:1)谷歌承认它,我使用一个有效的API密钥。
2)谷歌并识别正确的SHA-1签名,谷歌将显示一个错误的签名,如果我用一个无效的API密钥。
Points I noticed: 1) Google does recognize I am using a valid API key. 2)Google does recognize the correct SHA-1 signature, Google will show an error with the signature if I use an invalid API key.
任何帮助将是非常美联社preciated!
Any help would be much appreciated!
推荐答案
正如你所发现的,任何API键,只要在这里工作,因为它不是保护,而是一个安全的Android API密钥不会为谷歌地图路线API工作
As you have found, any API key will work here as long as it's not secured, but a secured Android API key will not work for the Google Maps Directions API.
很简单,你需要使用的路线API服务器API密钥。
Quite simply, you need to use a Server API key for the Directions API.
在谷歌地图API路线将只使用一个服务器密钥工作。
The Google Maps Directions API will only work with a Server key.
这样做的原因是,这些Web服务API的最初打算使用的网站,而不是在Android应用。
The reason for this is that these webservice APIs were originally intended to be used on websites, not in Android apps.
此外,为了保证服务器密钥的唯一方法就是使用一个IP地址,所以没有办法做到这一点的客户端。
Furthermore, the only way to secure a Server key is with an IP address, so there is no way to do it client-side.
从谷歌官方的建议是使用该应用程序发出请求到代理服务器,并从代理服务器的路线API请求。
The official recommendation from Google is to use a proxy server that the app makes requests to, and make the Directions API request from the proxy server.
在这里看到(这是特定的web服务的地方API,但它是有效的任何Web服务的API)的 https://groups.google.com/forum/#!topic/google-places-api/SmujrL-pDpU
See here (This is specific to the Places webservice API, but it's valid for any of the webservice APIs): https://groups.google.com/forum/#!topic/google-places-api/SmujrL-pDpU
这是谷歌员工响应:
阿列克谢,
任何存储的客户端是compromisable,即使使用的混淆,
你只使它成为一个专门的黑客有点慢
访问。
Anything stored client side is compromisable, even with obfuscating, you are only making it somewhat slower for a dedicated hacker to access.
我建议你设置你的应用程序发送你的邻居
没有API密钥到代理服务器的请求接收请求,
追加API密钥的请求结束,发送请求,并
然后接收和返回从请求到响应的
应用程序。
I would suggest you set up your application to send your Places requests without the API Key to a proxy server to receive the request, append the API Key to the end of the request, send the request, and then receive and return the response from the request to your application.
干杯,
克里斯
这篇关于这个IP,网站或移动应用程序无权使用这个API密钥。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
