5

I am using this as my request url: 

`String isbnUrl = "https://www.googleapis.com/books/v1/volumes?q=isbn:" + isbn + "&key=" + myAPIKEY;`

Can anyone tell me why I keep getting this response: 

{
   "error":{
      "errors":[
         {
            "domain":"usageLimits",
            "reason":"ipRefererBlocked",
            "message":"There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed.",
            "extendedHelp":"https://console.developers.google.com"
         }
      ],
      "code":403,
      "message":"There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed."
   }
}

I have gone through the process of getting an API for my Android app using the debug keystore and release keystore and can't seem to get it to work I have tried adding my key as a header as suggested as an answer here: Google Books API 403 Access Not Configured.
I thought this was the answer but then realized by accident that it was the same as not supplying a key at all. I came to this realization after entering the wrong String as the key and it still worked.

In the developer console I am seeing that it receives the request from my API under usage response code section: Client errors (4xx).

I would really appreciate any help if anyone has figured out how to get this API to work the way Google wants by including the key.

Community
  • 1
  • 1

1 Answers1

0

Problem is when setting up your API key restriction for android app, you specified the package name and SHA-1 certificate fingerprint. Therefore your API key will only accept request from your app with package name and SHA-1 certificate fingerprint specified.

So when you send an request to Google, you MUST add these information in the header of each request with following keys:

Key: "X-Android-Package", value: your app package name

Key: "X-Android-Cert", value: SHA-1 certificate of your apk

FIRST, get your app SHA signature (you will need Guava library):

/**
 * Gets the SHA1 signature, hex encoded for inclusion with Google Cloud Platform API requests
 *
 * @param packageName Identifies the APK whose signature should be extracted.
 * @return a lowercase, hex-encoded
 */
public static String getSignature(@NonNull PackageManager pm, @NonNull String packageName) {
    try {
        PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
        if (packageInfo == null
                || packageInfo.signatures == null
                || packageInfo.signatures.length == 0
                || packageInfo.signatures[0] == null) {
            return null;
        }
        return signatureDigest(packageInfo.signatures[0]);
    } catch (PackageManager.NameNotFoundException e) {
        return null;
    }
}

private static String signatureDigest(Signature sig) {
    byte[] signature = sig.toByteArray();
    try {
        MessageDigest md = MessageDigest.getInstance("SHA1");
        byte[] digest = md.digest(signature);
        return BaseEncoding.base16().lowerCase().encode(digest);
    } catch (NoSuchAlgorithmException e) {
        return null;
    }
}

Then, add package name and SHA certificate signature to request header:

java.net.URL url = new URL(REQUEST_URL);
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
try {
    connection.setDoInput(true);
    connection.setDoOutput(true);

    connection.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
    connection.setRequestProperty("Accept", "application/json");

    // add package name to request header
    String packageName = mActivity.getPackageName();
    connection.setRequestProperty("X-Android-Package", packageName);
    // add SHA certificate to request header
    String sig = getSignature(mActivity.getPackageManager(), packageName);
    connection.setRequestProperty("X-Android-Cert", sig);
    connection.setRequestMethod("POST");

    // ADD YOUR REQUEST BODY HERE
    // ....................
} catch (Exception e) {
    e.printStackTrace();
} finally {
    connection.disconnect();
}

You can see full answer here.

Enjoy coding :D

Community
  • 1
  • 1
Duy Pham
  • 1,179
  • 1
  • 14
  • 19