Could not fetch Places - REQUEST_DENIED - ios

I want to fetch places from google place api, I just download SPGooglePlacesAutocomplete & created new API Key enable place, direction & map api's from Google API Console still i am getting error alert.
Any help very much appreciated.

I assume you are using key which is made for iOS apps.But SPGooglePlacesAutocomplete might be using Google's public API to fetch the places list. So in that case you should use key for your browser apps. You can refer following link for more elaborated ans
REQUEST_DENIED when using the Google Places API

The Google Places API Web Service enforces a default limit of 1,000 free requests per 24 hour period.
The "status": "REQUEST_DENIED" is returned by the Google Places API Web Service when:
You have not activated the Google Places API Web Service in the Google API Console.
The key parameter is missing from your request. EX.
https://maps.googleapis.com/maps/api/place/add/json?key=YOUR_API_KEY
The key parameter does not match the your API key in the Google API Console.
Your API key has not been correctly set up in the Google API Console:
If you are using a browser-restricted API key, check that your
allowed referer(s) are correct.
If you are using a server-restricted API key, check that your allowed
IP(s) are correct.
API keys with Android or iOS restrictions are not supported. Please
use a generic (unrestricted) API key, or a key with browser or server
restrictions.
The request was not sent as an HTTPS request, HTTPS is required for all Google Places API Web Service requests.
The incorrect HTTP method was used to send the request:
All requests must be sent as a GET request except for Place Add.
All Place Add requests must be sent as a POST request.

You have to Create API Key from this link & from google console make sure you have enabled Google Place API.

Related

The provided API key is expired (for Directions API)

I have looked into the first 15 "similar questions" to my question and none resolved my issue. Sometimes, the error I am getting for the same API request is "This IP, site or mobile application is not authorized to use this API key. Request received from IP address {*ip_address*}, with empty referer". I also searched for that and none of the solutions suggested helped in my case.
My current situation
I am calling https://maps.googleapis.com/maps/api/directions/json?key=MYKEY&some_other_params in an iOS project
I am using an API key that is restricted to a Bundle ID
I have a list of items (let's refer to it as location items) that when clicked I call the Direction API to get route info
I am getting the two errors I mentioned above interchangeably. That means sometimes I get the expired error and sometimes I get the IP error. I get the errors for the same location item.
APIs enabled:
Directions API
Geolocation API
Maps SDK for iOS
Geocoding API
Places API
The Bundle ID is not the problem
I know that my Bundle ID is correct as I am using it with another service, which is Firebase. To eliminate the silly mistake of mistyping, I copied the same Bundle ID from my Firebase API credential. My API key for Firebase is restricted to the same Bundle ID and to the Firebase service. It is working without any issues.
API restrictions only
To eliminate the Bundle ID issue, I also tried None for the Application restrictions and chose to restrict APIs. I added the APIs I listed above one at a time and called the Directions API. Nothing worked, neither having a single API (Directions API) or having all of them.
The weird thing about Places API
A weird behavior I am getting is that I created a new API key and it worked without any restrictions. What is more weird is that I disabled Places API temporarily. I did this as I wanted to "refresh" my APIs. I read in another thread that the IP issue was resolved by disabling and re-enabling the Places API.So I turned it off but did not turn it on immediately. I used a new API key and clicking my location items yields to route info (I got the desired result).
Other restrictions (usage limit and billing)
I know that it is also not about the restriction of too many attempts on the Directions API. The documentation states that the limit is 50 requests per second. Besides, I did the "fast clicking of items" using the unrestricted API key and I always get a route info. Billing is also enabled on our project so that's not the issue either.
Stuck with an unrestricted key
Right now we are using an unrestricted key that is unacceptable. I wonder, why using an unrestricted key works perfectly and restricting it does not. I am sure I am missing a configuration but I have tried every possible combination that I can think of.
API keys restricted to your application's bundle ID won't work for backend web service requests such as Directions API. These API keys would only work for request made from Places SDK and Maps SDK for iOS. This is the reason why you are getting the error "This IP, site or mobile application is not authorized to use this API key. Request received from IP address {ip_address}, with empty referer".
According to Google Maps API key best practices, for API keys used for Web services sent directly from a mobile applications, you can do one or more of the following techniques to secure your API keys:
Use a proxy server. The proxy server provides a solid source for interacting with the appropriate Google Maps Platform API. Then restrict your API key with IP restrictions.
Obfuscate or encrypt the API key or signing secret. This complicates scraping of API keys and other private data directly from the application.
Use CA pinning or certificate pinning to verify the server resources are valid. CA pinning checks that a server's certificate was issued by a trusted certificate authority, and prevents Man-In-The-Middle attacks that could lead to a third party discovering your API key.

Google Sheet API v4

I try to use example "Read multiple ranges":
https://sheets.googleapis.com/v4/spreadsheets/{SpreadsheetID}/values:batchGet?ranges=Sheet1!B:B&ranges=Sheet1!D:D&valueRenderOption=UNFORMATTED_VALUES?majorDimension=COLUMNS
from: Google Sheets API v4 example
I replaced "spreadsheetId" with my spreadsheet id.
But when I send GET request (by Postman) I receive:
{
"error": {
"code": 403,
"message": "The request is missing a valid API key.",
"status": "PERMISSION_DENIED"
}
}
Than I used https://developers.google.com/oauthplayground/
I made authorisation for Spreadsheet API v4 with my email and at the end I generated a long link with key and saw correct response with content of my data table.
My question is next:
Why it's imposible to use the example from Google API (https://developers.google.com/sheets/api/samples/reading) only replace the spreadsheet id.
P.s Link to my spreadsheet is public, My spreadsheet is public and available in JSON format and what is correct use of url for Google Spreadsheet API v4 in order to send batchGet with multiple requests?
P.s.s I use another approach and it works but why first approach (v4) doesn't work:
https://spreadsheets.google.com/feeds/list/{SpreadsheetID}/od6/public/values?alt=json
When I tried to combine 2 APIs in one request and received and error "Inconsistent repeating query parameter ranges":
https://spreadsheets.google.com/feeds/list/{SpreadsheetID}/od6/public/values:batchGet?ranges=Sheet1!B:B&ranges=Sheet1!D:D&valueRenderOption=UNFORMATTED_VALUES?majorDimension=COLUMNS
======================================
Edited:
SpreadSheetID: 1KBk1J7TJCwnayMnTbaysqvFk98kVDdxXWNw2JYc3bW0
Available in incognito mode: Spreadsheet
In JSON format: JSON
Reference: Google Sheets API v4: Read multiple ranges
The same example with SpreadSheetID: ERROR 403
I believe you are missing API in the url. This is from google spreadsheet api doc.
To acquire an API key:
Open the Credentials page in the API Console.
API keys: A request that does not provide an OAuth 2.0 token must send
an API key. The key identifies your project and provides API access,
quota, and reports.
The API supports several types of restrictions on API keys. If the API
key that you need doesn't already exist, then create an API key in the
Console by clicking Create credentials > API key. You can restrict the
key before using it in production by clicking Restrict key and
selecting one of the Restrictions. To keep your API keys secure,
follow the best practices for securely using API keys.
After you have an API key, your application can append the query
parameter key=yourAPIKey to all request URLs.
The API key is safe for embedding in URLs; it doesn't need any
encoding.
Google Spreadsheet Docs
You have to make sure to pass in the key=YOUR_API_KEY as the request parameter.
For example:
https://sheets.googleapis.com/v4/spreadsheets/{sheet_id}/values/Sheet1!A1:D5?key={YOUR_API_KEY}
In addition to #skamble89's answer, this 403 error is usually caused by incorrect or missed some configuration in Authorizing Requests. If you're authorizing requests with OAuth 2.0, make sure you use the proper scope with it.
Make sure you have a permission to call this spreadsheet and you enable the Sheets API in your developer console.
The Sheet must have a Public link for the API KEY to be used.
You have to share the spreadsheet, select "Get Link", and "Anyone with the Link".
That gives a link like this: https://docs.google.com/spreadsheets/d/1ShTP408LPzLOGjqXQTRcmXXXXXXXXXXXXXPUteQmY7o/edit?usp=sharing.
So there, the Sheet ID is after: /d/, is: 1ShTP408LPzLOGjqXQTRcmXXXXXXXXXXXXXPUteQmY7o.
curl "https://sheets.googleapis.com/v4/spreadsheets/1ShTP408LPzLOGjqXQTRcmXXXXXXXXXXXXXPUteQmY7o/values/A1%3AD3?key={YourApy"

How does Google Cloud Platform API key restriction for iOS apps work?

According to:
https://cloud.google.com/speech/docs/common/auth
We can create an API key to a GCP resource (e.g. Google Maps, Speech, Translate) restricted by "iOS apps" to a particular bundle ID. In principle this is great, but how does GCP actually implement this? How does GCP determine the client's bundle ID since only the client is only making standard HTTP requests to GCP -- presumably it's not reporting its bundle ID in the header?
I'd like to enable this for an API key but don't want to suddenly shut down my iOS client because somehow it's not reporting its bundle ID.
I think Google Translation API just identifies your app by value in request header key x-ios-bundle-identifier.
I tried using Postman to send a successful request with following parameters.
GCP API Key config
Postman request

Google API Client side usage - is the API Key mandatory?

I am using Google directions and geocode services in my iOS App, and it works fine. I am also using Google maps API.
For google maps, I am using an API Key, but for geocoding and directions services, I am calling them as any REST Webservice, without adding the API Key parameter, and it works.
My questions here are
Is the API Key mandatory for client-side calls ? Is it legal ?
If not, what are the risks?
If I add an API Key, the 2500 query per day per key limit will apply, or the limit will be per users IP address?
In https://developers.google.com/maps/documentation/directions/ I can read
All Directions API applications should use an API key
In https://developers.google.com/maps/documentation/geocoding/ I can read
All Geocoding API applications should use an API key
At the same time, I am not using Server side Geocoding/Directions, but Client side calls, and for now, I haven't sent any ApiKey when using it.
A key is not required for these webservices, they may work without.
The difference is the quota: without a key it will be based on the IP-address of the server. When your domain shares the same IP-address with other domains(usually it's the case) you will also share your quota with these domains.
The result: when applications placed at other domains with the same IP(may be houndreds) also request these services(without a key) you'll often hit the limits.
When you use the services on clientside(via the methods of the maps-Javascript-API) it doesn't matter at all, any limit will apply to the user of your application, not to the application.

Invalid Developer Key

I was reaching the youtube api quota limit while building my application so I added a developer key to the request and now I get a 403 error: Invalid Developer Key.
I've tried recreating my project and api key multiple times without any luck. I've tried adding the key to the URI as well as sending it in a header:
$c1 = curl_init($feedURL);
curl_setopt($c1, CURLOPT_HTTPHEADER, array(
'X-GData-Key: key=AIzaS...',
'GData-Version: 2'
));
My application is simple, all requested data is public, so I don't see a reason to use the Zend PHP Client.
You're using a v3 "API key" while querying v2 of the API.
v3 "API key"s are obtained from the Access tab of https://code.google.com/apis/console/ and are what you use to make non-authenticated requests to any of the APIs listed on that console.
v2 "developer key"s are obtained from http://code.google.com/apis/youtube/dashboard/ and is what you're looking for.
I believe that one of the goals is to retrofit v2 of the API to start supporting "API key"s from the API console, but that isn't something that's possible at this time.

Resources