0

I want to create an app using Google Speech-to-Text API.
And this app will use StreamingRecognize.
https://cloud.google.com/speech-to-text/docs/reference/rpc/google.cloud.speech.v1#google.cloud.speech.v1.Speech.StreamingRecognize

But I'm worried about cost overruns by some attacks.
e.g.) stolen api key, over execution ..etc

Suppose, if meeting these requirements, there is no problem.

  1. StreamingRecognize cannot be called without some billing by the user
  2. One user can have only one connection with StreamingRecognize

Could you tell me how to use this API secure?

App spec

Language: Flutter (Dart)

More Info:

Once I considered about this Android/iOS apps restriction,
https://cloud.google.com/docs/authentication/api-keys?visit_id=637405639528794487-3748827222&rd=1#api_key_restrictions

But I could not understand why it can be restricted.

  • If an api key sets in app, this key can be stolen.
  • Even if information is encrypted in client side, however, I think this information can be created by other client system
  • If api key can be used outside app, there is no meaning restricting in app or billing system
shy
  • 1
  • 1
  • Does this answer your question? [How do I set a cost limit in Google Developers Console](https://stackoverflow.com/questions/27616776/how-do-i-set-a-cost-limit-in-google-developers-console) – Martin Zeitler Dec 30 '20 at 06:24
  • Thank you for giving information. >Does this answer your question? No, I'm worried that one user call `StreamingRecognize` huge times deliberately by some hack. I will use Requests per 60 seconds* limitation for avoiding cost overruns temporary. But if there is lack of protection of billing system, max billing will be payed every day without any profit, and cost overruns will be occurred until I stop this app service. https://cloud.google.com/speech-to-text/quotas?hl=en Sorry for lack of words, I'd like to know how to use this api without any loss of profit. – shy Dec 30 '20 at 06:44
  • Added More Info: – shy Dec 30 '20 at 07:05
  • In particular, I want to know how to restrict `StreamingRecognize` connection per user(or api key or access token) by some service or function. But if meeting these requirements above, other solutions are also wanted. – shy Dec 30 '20 at 07:17
  • Hello, could you please check the following [thread](https://stackoverflow.com/questions/64565542/how-to-end-google-speech-to-text-streamingrecognize-gracefully-and-get-back-the)? – aga Dec 30 '20 at 10:36

0 Answers0