Google距离矩阵可以使用Android应用程序限制的API密钥吗？ [英] Can an Android-App-Restricted API key be used for Google Distance Matrix?

问题描述

我启用了Google Distance Matrix API并限制了Android应用的密钥，因为我将从我的android应用发送http查询以接收json响应：

没有限制，它的工作原理和我得到预期的结果。但是，当它受到限制时（使用我的包名称和SHA1），我在json对象中收到一条失败消息，并显示REQUEST_DENIED状态：

此IP，网站或移动应用程序未被授权使用此API密钥。来自IP地址[ip_addr]的请求，带有空的引用者。

从其他文章中我了解到，距离矩阵API必须与一个服务器密钥，但在这个新的Google控制台中，没有用于服务器密钥的选项;您只需创建一个密钥并从上面选择限制即可。

Firebase控制台创建服务器密钥，我可以在我的Android应用程序中使用它，但不受限制。

那么如何限制这个键只能从我的android应用程序使用Distance Matrix API？

解决方案

请注意，Android应用限制仅适用于Google Maps Android API v2和Android版Google地图位置。 Web服务（例如距离矩阵API）不适用于此限制。

可用于Web服务的API密钥的限制是IP限制。

假设Web服务请求在您的后端服务器上执行。如果您需要限制一个API密钥，解决方法是创建一个中间服务器。您的Android应用程序应向中间服务器发送请求，中间服务器应向Google发送请求并将响应传递回您的应用程序。在这种情况下，您可以通过中间服务器的IP地址来限制API密钥。

I enabled Google Distance Matrix API and restricted the key for Android Apps because I will be sending http queries from my android app to receive json response:

Without restriction, it works and I get expected result. But when it's restricted (with my package name and SHA1) I get a failure message in the json object with a "REQUEST_DENIED" status saying:

This IP, site or mobile application is not authorized to use this API key. Request received from IP address [ip_addr], with empty referer.

From other posts I understand that the Distance Matrix API must be used with a Server Key, but in this new Google Console there's no option for a Server Key; you just create a key and choose a restriction from the above.
Firebase Console creates a Server Key and I can use it in my android app but without restriction.

So how do I restrict this key to using Distance Matrix API only from my android app?

解决方案

Please note that Android app restriction is valid only for Google Maps Android API v2 and Google Maps Places for Android. Web services (e.g. Distance Matrix API) will not work with this restriction.

The restrictions that will work with an API keys for web services are IP restrictions.

It is supposed that web services requests are executed on your backend servers. If you need to restrict an API key, the workaround is to create an intermediate server. Your Android application should send requests to the intermediate server, intermediate server should send requests to Google and pass responses back to your app. In this case you can restrict an API key by IP address of your intermediate server.

这篇关于Google距离矩阵可以使用Android应用程序限制的API密钥吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！