在Flutter中限制Google Directions API密钥 [英] Restrict Google Directions API key in Flutter

问题描述

我一直在用Flutter开发移动应用程序，并希望很快在Play商店中发布它.它使用Google Directions API，现在我想将API密钥限制为该特定应用程序.

I've been developing a mobile app with Flutter and want to release it soon on the Play Store. It uses the Google Directions API, and now I want to restrict the API key to this specific application.

我能够对应用程序进行签名，并且我将API密钥限制为Android应用程序，其应用程序的程序包名称和密钥的SH1A指纹都经过了两次检查.

I was able to sign the app, and I've restricted the API key to Android apps with the package name of my app and the SH1A fingerprint of the key, both of which were double-checked.

无论如何，无论是在调试模式(我认为是故意的)还是在释放模式下，请求都被拒绝.我通过dart HTTP包访问API.

The request gets denied anyways, both in debug mode (which I assume is intentional) and in release mode. I access the API via the dart HTTP package.

我的理论是，Directions API不能通过这种方式识别应用程序的程序包名称或指纹.那是对的吗?我可以使用google_maps_webview软件包或其他替代方法来解决此问题吗?

My theory is that this way the Directions API cannot recognize the package name or fingerprint of the app. Is that correct? Can I fix that by using the google_maps_webview package or something else instead?

预先感谢

保罗

推荐答案

问题是 Directions API 是一项网络服务.Google假定Web服务是从后端代码而不是从前端直接调用的.因此，Web服务(如Directions API，Geocoding API等)所支持的唯一限制是IP地址限制.假定您从后端服务器向Google发送请求，并通过服务器的IP地址保护API密钥.Android应用程序限制不适用于Web服务.

The issue is that Directions API is a web service. Google assumes that web services are called from a backend code and not from the frontend directly. So the unique restriction that is supported by web services like Directions API, Geocoding API, etc. is IP address restriction. It is supposed that you send requests to Google from your backend server and you protect your API key by IP address of your server. The Android app restriction is not working with web services.

您可以在此处阅读每种API支持的限制类型:我应将哪个密钥或凭据用于不同的Maps产品?

You can read which type of restriction is supported by each API here: Which keys or credentials should I use for different Maps products?

对于移动应用程序，Google强烈建议为HTTP Web服务请求创建一个中间服务器.因此，您的应用程序会将请求发送到中间服务器，中间服务器会将带有受IP地址保护的API密钥的Directions API请求发送给Google，并将响应传递回您的应用程序.

For mobile applications Google strongly recommends creating an intermediate server for HTTP web service requests. So your application will send requests to intermediate server, the intermediate server will send Directions API requests with API key protected by IP address to Google and pass response back to your app.

我建议对Google Maps API Web Services使用Java客户端库来实现中间代理:

I can suggest using Java client library for Google Maps API Web Services to implement an intermediate proxy:

https://github.com/googlemaps/google-maps-services-java

还有一些客户端库可用于其他后端语言(Python，Go，NodeJs):

Also there are client libraries available for other backend languages (Python, Go, NodeJs):

https://github.com/googlemaps/google-maps-services-python

https://github.com/googlemaps/google-maps-services-go

https://github.com/googlemaps/google-maps-services-js

希望我的回答能澄清您的疑问.

I hope my answer clarifies your doubt.

这篇关于在Flutter中限制Google Directions API密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！