3

I enabled Google Distance Matrix API and restricted the key for Android Apps because I will be sending http queries from my android app to receive json response:

Key Restriction

Without restriction, it works and I get expected result. But when it's restricted (with my package name and SHA1) I get a failure message in the json object with a "REQUEST_DENIED" status saying:

This IP, site or mobile application is not authorized to use this API key. Request received from IP address [ip_addr], with empty referer.

From other posts I understand that the Distance Matrix API must be used with a Server Key, but in this new Google Console there's no option for a Server Key; you just create a key and choose a restriction from the above.
Firebase Console creates a Server Key and I can use it in my android app but without restriction.

So how do I restrict this key to using Distance Matrix API only from my android app?

Alaa M.
  • 4,961
  • 10
  • 54
  • 95
  • I have the same problem, except that I'm trying to use directions API. If you found a solution it would be good to know. – VorteXavier Dec 02 '16 at 21:10
  • 1
    I didn't find a solution. I'm having this also in the Geocoding API. – Alaa M. Dec 04 '16 at 07:58
  • 1
    [This](http://stackoverflow.com/questions/33989062/restricting-usage-for-an-android-key-for-a-google-api?rq=1) looks related. The OP also opened an [issue](https://code.google.com/p/google-cloud-platform/issues/detail?id=46) in Google. – Alaa M. Dec 04 '16 at 09:59
  • 1
    As I couldn't find a better solution, I ended up configuring a reverse-proxy in my server. So the request goes from my android app to my server and then to google. My server adds the api key to the request before sending it to google. This way I can restrict my key by IP. – VorteXavier Dec 06 '16 at 19:21

1 Answers1

1

Please note that Android app restriction is valid only for Google Maps Android API v2 and Google Maps Places for Android. Web services (e.g. Distance Matrix API) will not work with this restriction.

The restrictions that will work with an API keys for web services are IP restrictions.

It is supposed that web services requests are executed on your backend servers. If you need to restrict an API key, the workaround is to create an intermediate server. Your Android application should send requests to the intermediate server, intermediate server should send requests to Google and pass responses back to your app. In this case you can restrict an API key by IP address of your intermediate server.

codepeaker
  • 420
  • 8
  • 15