0
{
"error_message" : "This IP, site or mobile application is not authorized to     use this API key. Request received from IP address xxx.xxx.xxx.xxx, with empty referer",
"html_attributions" : [],
"results" : [],
"status" : "REQUEST_DENIED"
}

I have been trying all day to make a request that returns a JSON object like this: https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=-33.8670522,151.1957362&radius=500&types=food&name=cruise&key=API_KEY

I have tried following the guide at https://developers.google.com/places/android-api/signup. I have read so many posts, like How do I get a Google Places API key for my Android App, and made Server keys and Android keys. I am still getting this error message.

I've enabled the Places API in the developer's console.

I want to make this query in the Android app, so I need the Android key right? Some posts have been saying to get the Server Key. I am so confused.

I've made so many keys today. I don't know if all of the other posts of people having this problem are outdated or I am just doing something completely wrong. I've gotten the SHA1 finger print from using keytool on my command line. I still keep getting Request Denied.

Community
  • 1
  • 1
user3745236
  • 75
  • 1
  • 1
  • 6

2 Answers2

1

After some more messing around, after creating a Browser key for my Android App instead, it finally works. Doesn't really make sense to me why Browser key is needed, but there you have it...

user3745236
  • 75
  • 1
  • 1
  • 6
1

I'm not sure if it'll work to use a browser key in an Android application, but it doesn't really make sense.

From the Google API docs:

The Console enables you to create server, browser, Android and iOS API Keys. Once you've created a key, you restrict where it can be used. The available restrictions depend upon the type of key.

Server keys can be restricted based on your servers' source IP address(es). Browser keys can be restricted based on HTTP referrer. Android keys can be restricted based on the package name and certificate SHA-1 fingerprint. iOS keys can be restricted based on the bundle identifier. It looks like you have to specify a website as the referrer for browser based keys. Since you don't know what the referrer will be in your Android app, it doesn't really make sense to do it this way. With an Android key, you can restrict API usage by the package name.

Also:

Your project can therefore have server-side components in conjunction with browser and/or mobile components, without fear of compromising your server(s) if a browser key or mobile key is compromised.

If you use two different keys, it allows you to make sure if one is compromised, the others are not. This provides better security for you.

Vaibhav Barad
  • 625
  • 8
  • 17