使用限制为一个谷歌API一个Android关键 [英] Restricting usage for an Android key for a Google API
问题描述
我的问题是如何才能限制我的Android API密钥的使用情况,以我的应用程序正确设置包名和SHA-1证书,指纹的谷歌开发者控制台。
My question is about how to properly set the package name and SHA-1 certificate fingerprint in the Google Developers Console in order to restrict usage of my Android API key to my app.
当我没有什么限制使用你的Android应用程序一节中设置,我的谷歌翻译请求API正常工作。该API与状态code 200和我预期的结果通常响应。
When I don't have anything set in the "Restrict usage to your Android apps" section, my requests to the Google Translate API work properly. The API responds normally with status code 200 and my expected result.
但是,当我指定使用开发者控制台,我一直得到403像故宫回应我的应用程序包名称和SHA-1证书,指纹以下内容:
But when I specify a package name and SHA-1 certificate fingerprint for my app using the Developers Console, I consistently get 403 Forbidden responses like the following:
HTTP/1.1 403 Forbidden
Vary: Origin
Vary: X-Origin
Content-Type: application/json; charset=UTF-8
Date: Sun, 29 Nov 2015 21:01:39 GMT
Expires: Sun, 29 Nov 2015 21:01:39 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic,p=1
Alt-Svc: quic=":443"; ma=604800; v="30,29,28,27,26,25"
Content-Length: 729
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "ipRefererBlocked",
"message": "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed.",
"extendedHelp": "https://console.developers.google.com"
}
],
"code": 403,
"message": "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed."
}
}
请求看起来像下面这样。请注意,有请求没有参考报头:
The request looks like the following. Notice that there's no referer header in the request:
GET https://www.googleapis.com/language/translate/v2?key=XXXXXXXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXX&source=en&target=es&q=test HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; Nexus 6 Build/LVY48H)
Host: www.googleapis.com
Connection: Keep-Alive
Accept-Encoding: gzip
我假设的错误信息指示包名称或SHA-1指纹的问题,尽管关于每个IP或每个Referer的限制的消息。虽然浏览器密钥允许每个引用者限制的设定,我使用无处一个Android键设置每个IP或每个Referer的限制。
I'm assuming that the error message indicates a package name or SHA-1 fingerprint problem, despite its message about a "per-IP or per-Referer restriction". While browser keys allow the setting of a per-referer restriction, I'm using an Android key with nowhere to set a per-IP or per-Referer restriction.
我敢肯定,我已经在谷歌开发者控制台输入正确的包名。我从我的Android清单文件中的清单标记包属性读取软件包的名称。
I'm sure I have entered the package name correctly in the Google Developers Console. I'm reading the package name from the package attribute on the manifest tag in my Android manifest file.
我也相信我有SHA-1指纹在谷歌开发者控制台设置正确。我是从我的密钥库使用命令的keytool -list -v密钥库/路径/要/我的/密钥库读此值。我得到同样的价值,当我使用的keytool -list -printcert -jarfile myAppName.apk 从APK文件中读取。我使用ADB安装相同的APK文件。
I'm also sure I have the SHA-1 fingerprint set correctly in the Google Developers Console. I'm reading this value from my keystore using the command keytool -list -v keystore /path/to/my/keystore. I get the same value when I read it from the APK file using keytool -list -printcert -jarfile myAppName.apk. I'm installing that same APK file using adb.
下面是我在开发者控制台中看到:
Here's what I see in the Developers Console:
![控制台屏幕快照](\"http://i.stack.imgur.com/ahZE2.png\")
我上运行Android的股票多台设备进行测试这一点。我得到的WiFi和蜂窝网络上的错误反应,我是否进行代理业务或没有。
I've tested this on multiple devices running stock Android. I get the error response on wifi and on the cell network, whether I'm proxying the traffic or not.
当我删除从开发者控制台的限制,应用程序重新正常工作。
When I remove the restriction from the Developers Console, the app works properly again.
我在做什么错在这里?
请注意:几个 <一个href=\"http://stackoverflow.com/questions/31589308/how-does-google-verify-android-sha1-fingerprints-and-packages\">similar <一href=\"http://stackoverflow.com/questions/30655974/how-to-use-google-public-api-access-key-in-android-application\">questions <一href=\"http://stackoverflow.com/questions/32595910/google-cloud-storage-api-with-android-api-key-not-working-however-browser-api-k\">have <一href=\"http://stackoverflow.com/questions/28356313/youtube-api-could-not-search-com-google-api-client-googleapis-json-googlejson\">been <一href=\"http://stackoverflow.com/questions/28591012/youtube-api-permission-403-forbidden-error\">asked <一href=\"http://stackoverflow.com/questions/29374420/google-storage-api-forbidden-i$p$pfererblocked-error\">before, <一href=\"http://stackoverflow.com/questions/28645992/youtube-client-on-android-having-a-java-lang-nullpointerexception\">but <一href=\"http://stackoverflow.com/questions/29246452/google-books-api-keep-getting-error-$c$c-403-reason-i$p$pfererblocked\">with <一href=\"http://stackoverflow.com/questions/21075625/error-403-with-google-translate-v2-api-access\">no <一href=\"http://stackoverflow.com/questions/31586345/usage-of-google-translate-api-in-android\">adequate 答案的。我不想使用浏览器密钥或完全消除限制。我想使用限制的正常工作。
Note: Several similar questions have been asked before, but with no adequate answers. I don't want to use a browser key or remove the restriction altogether. I want to get the usage restriction to work properly.
推荐答案
在使用谷歌REST的API只,如翻译,你需要使用的 GoogleAuthUtil ,这将产生对特定用户和封装/指纹的令牌。然而,这需要 GET_ACCOUNTS 权限,这聪明的网友都持谨慎态度。
When using a Google REST-only API, such as Translate, you'll need to use GoogleAuthUtil, which will generate a token for a specific user and package/fingerprint. However, that requires GET_ACCOUNTS permission, which smart users are wary of.
您也可以使用的AccountManager 的 getAuthToken()的方法,但这需要不仅 GET_ACCOUNTS 许可,也 USE_CREDENTIALS 。
You could also use the AccountManager's getAuthToken() method, but that would require not only the GET_ACCOUNTS permission, but also USE_CREDENTIALS.
您可能是最好还是使用一个API密钥和掩盖它一下。
You might be best off using an API key and obscuring it a bit.
这篇关于使用限制为一个谷歌API一个Android关键的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
