关于 Google Cloud Platform (GCP) API 密钥的 Google Play 安全警报 [英] Google Play Security alert about Google Cloud Platform (GCP) API keys
问题描述
我们在多个平台(Android、iOS、Web)上使用 GCP API 密钥用于 Google 地图、位置搜索 (api/place/autocomplete)、静态 Google 地图等.现在我想为 Android 应用程序创建一个新的/单独的密钥,以便我可以添加适当的限制,例如包名 SHA1 和使用的 API.
We were using a GCP API key on multiple platforms (Android, iOS, Web) for Google map, Location search (api/place/autocomplete), static Google Map, etc.
Now I wanted to create a new/separate Key for Android App so I can add appropriate restrictions like package name SHA1 and used APIs.
我创建了一个新密钥,在该地图工作正常后将其更改为应用程序,但位置搜索 API 一直抛出异常-此 IP、站点或移动应用程序无权使用此 API 密钥.从IP地址
I've created a new key, Changed it into the App after that map is working fine but Location search API is kept throwing an exception-
This IP, site or mobile application is not authorized to use this API key. Request received from IP address <ip>, with empty referer",
有人遇到过这个问题吗?或者我应该如何调试这个的任何线索?
Has anyone faced this issue? Or any clue that how should I debug this?
推荐答案
您不能使用受 Android 或 iOS 限制的 API 密钥发出 Web 服务请求.Web 服务是服务器端的,仅适用于受 IP 地址限制的 API 密钥.
You cannot make web service requests using an API key that is Android or iOS restricted. Web services are server-side and only work with API keys that are restricted by IP address.
您的每个 API 密钥都应根据所使用的 API 进行适当限制.
Each of your API keys should be restricted properly based on the API in use.
对于网络服务,请使用受 IP 限制的 API 密钥.
对于客户端服务,请使用 HTTP 引用限制的 API 密钥.
适用于 Android 或 iOS,使用 Android/iOS 受限 API 密钥.
For web services, use an IP-restricted API key.
For client-side services, use an HTTP referrer-restricted API key.
For Maps and Places SDK for Android or iOS, use an Android/iOS restricted API key.
要了解有关 Google Maps API 的 API 密钥限制的更多信息,请查看以下资源:https://developers.google.com/maps/faq#keysystem
https://developers.google.com/maps/api-key-最佳实践#restrict_apikey
To learn more on API key restrictions for Google Maps APIs please check out these resources:
https://developers.google.com/maps/faq#keysystem
https://developers.google.com/maps/api-key-best-practices#restrict_apikey
希望这能澄清您的问题!
Hope this clarifies your question!
这篇关于关于 Google Cloud Platform (GCP) API 密钥的 Google Play 安全警报的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
