We have an open API and I was wondering how I could securely tell if my own app is making the api request. I recently figured this out on android (use the sha1 fingerprint), what would the iOS equivalent of this be?
Here's a quote from the android question that was asked:
I have an android app. Now I want that only my App can access my database on server. I know any body can decompile my app and can find the API urls and can access my database from the browser. Is there any way to protect my database from such API calls which are not generated by my Android App ?
I want to add any secret in Android App which change or destroy if anybody de-compile my Android App.
https://www.quora.com/How-can-I-check-if-that-API-call-is-from-my-Android-app-or-from-outside-on-the-server-side
I’m trying to use Google Directions API. I have the SDK all set up. I have enabled Google Maps SDK for iOS under the Services in the developer console. Below is the URL I've built to get the directions.
There are two types of keys in the developer console.
First I tried with the Key for iOS apps.
https://maps.googleapis.com/maps/api/directions/json?origin=-37.814107,144.96328&destination=-31.953004,115.857469&key=<Key for iOS apps>
But I got the error This IP, site or mobile application is not authorized to use this API key.
When I searched for a solution to this error I saw in a few StackOverflow answers (1, 2) that iOS keys are not supported. In the answers they're talking about the Google Places API but I thought it might be the same case with Directions because the error was the same.
So I replaces the Key for iOS apps with Key for browser apps and ran it again but I got a new error This API project is not authorized to use this API. Please ensure that this API is activated in the APIs Console.
My question is are there any other APIs I have to activate in the Services to get this working? These are the other map related Google APIs in the list.
The API "Google Maps SDK for iOS" - it is only for integrating the "Google Maps SDK"...
If you want to “use” Directions.. you have to “activate” in the Google console: "Directions API” , too developers.google.com/maps/documentation/directions
Happy coding!
Are you using
https://developers.google.com/maps/documentation/ios/ also there is a nice documentation there.
Yes you need to activate the IOS Maps SDK in the google api center when you log in
Has anyone had success in using the Gmail API's authorization in a Phonegap application? I found this (http://phonegap-tips.com/articles/google-api-oauth-with-phonegaps-inappbrowser.html) that describes using the generic Google API OAuth with Phonegap's inappbrowser plugin, but the newly released Gmail API does OAuth authorization differently, and I'm not sure how to get it to work with Phonegap.
Note: It does work when I try a web version of my app, but the button that brings up the authorization screen doesn't do anything in Phonegap..not sure why. I do have the appropriate Android credentials for the app in the Google Developer's Console.
UPDATE: Using OAuth's Phonegap SDK (found after registering your app here: https://oauth.io/), I am able to authenticate a Google Account. However, I am unsure how to then call Gmail API methods or correctly pass whatever authentication tokens from the OAuth SDK to any Gmail API code. Has anyone done this and can share their knowledge?
I found a solution using the OAuthio Phonegap SDK. Then I can call the appropriate HTTPS requests from the Gmail API.
If you want to login your users via Google on iOS and Android, then use this new plugin I just created: https://github.com/EddyVerbruggen/cordova-plugin-googleplus
You will also receive the name and gender etc from the plugin. The plugin will also try SSO with any other Google apps installed on your device by using the Google+ SDK on both platforms.
I'm using oAuth2, and I have a project in my google API console with an iOS client and a Web client registered.
I'd like to auth in from my iOS app, and have my web backend retrieve an access token so it can do the heavy processing work with the Google api.
I've tried following these instructions which are for android: https://developers.google.com/accounts/docs/CrossClientAuth
But I keep getting an invalid scope when I assign the scope as:
oauth2:server:client_id:MY.WEB.CLIENT.ID:api_scope:http://www.google.com/m8/feeds/ https://mail.google.com/ https://www.googleapis.com/auth/plus.login
Anyone successfully implement a similar set up for iOS? If so please explain or share documentation? What libraries or SDKs did you use to get the code from google on the iOS app that the web backend could use to generate a proper access token of it's own?
As of June 18th, the google iOS SDK 1.7.0 supports one-time authorization code which is consistent with the Android feature: https://developers.google.com/+/release-notes/
I'm trying to make an Autocomplete field which should fetch cities as the user types, by using the Google Places API as described in this tutorial:
https://developers.google.com/places/training/autocomplete-android
You've probably found this question around many times before as I did, but none of the answers helped me. Here are the things you should know:
The URL is
https://maps.googleapis.com/maps/api/place/autocomplete/json?sensor=false&key=myKey&components=country:ro&input=whatTheUserTypes
Please don't reply by saying you replaced the API key with your own and it worked - the API key which goes there must be Android specific and won't work from a browser.
So did I make the Android API key using the SHA1 fingerprint obtained from the keystore I signed the app with.
I turned on Maps and Places APIs from the console.
The quota isn't exceeded.
All those and it still gives me REQUEST_DENIED
What I didn't mention is that I have O2Auth activated - does that change anything? Shouldn't it be as simple as putting the API key in the app?
Thanks!
Although this has been answered, I think the community could do better.
I was tearing my hair out about this, it just didn't make sense to me.. I was making an iOS/Android App, so I made an iOS/Android Key...
Wrong.
With Google's Places API, your bundle identifier isn't even considered.
What you really want to do is this:
(I'm using the new User Interface)
1. Log into https://cloud.google.com/console#/project
Select your Project Name, then go into API's & Auth > APIs
Make sure you have Places API Turned on. This is the only thing that needs to be turned on for Places-API to work.
2. Go into Credentials
Click CREATE NEW KEY under Public API Access
3. Select BROWSER KEY
4. Click Create, Nothing Else
Leave the HTTP Refer box empty.
5. Use the Key Generated here
This key will allow ANY user from any device access to the API via your Developer login.
You can try it out here: (Be sure to replace YOUR_KEY_HERE with your generated Key)
https://maps.googleapis.com/maps/api/place/autocomplete/json?input=Food%20Sh&sensor=false&radius=500&location=0,0&key=YOUR_KEY_HERE
6. Enjoy
Now you can use that URL above in your Android/iOS device.
The Google Places API does not currently support Android or iOS keys generated from the Google APIs Console. Only Server and Browser keys are currently supported.
If you would like to request this support, please file a Places API - Feature Request.
https://developers.google.com/places/training/autocomplete-android
Storing your API key
Although the above code demonstrates how to communicate directly
between an Android app and the Places Autocomplete service, you should
not store your Places API key with your app.
You should therefore build a web application that stores your API key
and proxies the Places API services. In order to secure communication
between your Android app and the proxy web service, you should require
user authentication to your proxy web service. Your Android app can
securely store user credentials and pass them to your web service, or
the user can log into your web app via an Android WebView.
For the latter approach, your web app should create and return a user
authentication token to your Android app, and your Android app should
subsequently pass this token to your proxy web service.
Go to google cloud platform console>Credentials click on edit by selected your YOUR_API_KEY>Application restrictions > select none option>save thats it.
If you select the android apps option from Application restrictions then google deny the place API with exception REQUEST_DENIED.
In Google dev console, you should be able to find both "Places API" and "Places API for Android"
Make sure to use "Places API for Android"
For some reason, "Places API for Android" is hidden in the API list, but can be accessed using search.
I had the same issue , I fix it by leaving
Accept requests from these HTTP referrers (web sites) (Optional)
in browser key Empty
I am still new, so I cannot comment, but to shed some light on Moe's answer, I resolved some similar Google Maps API issues regarding URL queries (for directions, using Volley) with the following steps:
Get Android API Key (including Google Maps Directions API in my case).
Get "Server" API Key (which seems to be created by using a key restriction of "HTTP referrers" these days - really, it's just used to issue URL queries through HTTP).
Store the Android API key as a meta-data tag in the application tag in AndroidManifest.xml with android:name="com.google.android.maps.v2.API_KEY" and android:value as your key. This is used for direct interaction with the Maps API (minus URL queries).
Use the server API key whenever issuing URL queries.
I am not sure if this also applies to URL queries for the Places API, if you only need the server API key, or if there is a better solution, but this worked for me.
I imagine that it works with just the first key - the one not restricted to Android.
Inside Google Cloud Console type Places and Activate it. Create an API Key and insert it onto your Android Studio App as you would do normally. That`s it.
I had the same problem. For me the key was to enable billing on project. I am still using "Applications for Android" restrictions. After setting up the payment method, Places Api started working.
Prior to using the Places SDK for Android, do the following:
Follow the Get an API Key guide to get, add, and restrict an API key.
Enable billing on each of your projects.
Enable the Places API for each of your projects.
See it there.
Be sure also to check out the billing plans for the Google Places API as it is not free!