在Android上安全地将浏览器密钥用于Google Places API网络服务 [英] Safely Using a Browser Key for Google Places API Web Service on Android

问题描述

我一直在使用用于Android自动填充小部件的Google Places API 通过将 PlaceAutocompleteFragment 嵌入到我的活动中.这项工作正常，但由于小部件的性能以及缺少 radius 过滤器(在完整的解决方案

应该从后端服务器调用Web服务.Web服务的API密钥支持IP地址限制.因此，为了保护将与Web服务请求一起使用的API密钥，您应该创建一个中间服务器，该服务器将请求发送给Google，并将响应传递回您的Android应用.为了保护API密钥，您应该使用中间服务器的IP地址.

I've been using the Google Places API for Android Autocomplete Widget by embedding the PlaceAutocompleteFragment into my activity. This works alright, but has several drawbacks for my implementation stemming from the widget's performance and the lack of the radius filter that is available in the full Google Places API Web Service.

I'd like to start moving off the Google Places API for Android and use the Google Places API Web Service instead to get access to the broader filtering options. However, the documentation states the following:

Note: The Google Places API Web Service does not work with an Android or iOS restricted API key.

This means, I assume, that I have to use either a Browser or Server restricted API Key in my application, but on Android, I understand these options to be less than ideal because it becomes possible to steal the API key.

How can I safely use a Browser API Key within my Android application?

解决方案

The web service is supposed to be called from your backend server. The API keys for web services support IP address restriction. So, in order to protect an API key that you are going to use with web service requests you should create an intermediate server that will send requests to Google and pass responses back to your Android app. To protect an API key you should use an IP address of your intermediate server.

这篇关于在Android上安全地将浏览器密钥用于Google Places API网络服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！