How does Google Cloud Platform API key restriction for iOS apps work?

About

Asked 27/10, 2016 at 6:58 Answered 18/1, 2018 at 3:20

ios google-maps-api-3 google-cloud-platform google-translate google-speech-api

According to:

https://cloud.google.com/speech/docs/common/auth

We can create an API key to a GCP resource (e.g. Google Maps, Speech, Translate) restricted by "iOS apps" to a particular bundle ID. In principle this is great, but how does GCP actually implement this? How does GCP determine the client's bundle ID since only the client is only making standard HTTP requests to GCP -- presumably it's not reporting its bundle ID in the header?

I'd like to enable this for an API key but don't want to suddenly shut down my iOS client because somehow it's not reporting its bundle ID.

Euboea answered 27/10, 2016 at 6:58 Comment(1)

I imagine that the SDK generates a hash or a signature that includes the API key and the bundle ID and the bundle ID is also sent in the body or a header – Discounter 27/10, 2016 at 8:22

I think Google Translation API just identifies your app by value in request header key x-ios-bundle-identifier.

I tried using Postman to send a successful request with following parameters.

GCP API Key config

Postman request

Subscribe answered 18/1, 2018 at 3:20 Comment(2)

Thx, Do we have the same way with Android? – Catty 3/1, 2022 at 18:39

How do you know about x-ios-bundle-identifier header requirement? It works but is it documented anywhere? Anyway such API Key restriction feels useless. How can a header protect my key from being used by another person if anyone can set the same header? – Headforemost 14/12, 2022 at 4:12

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags