Allow-all Referer Rule for Google Translate API (v2)?
Asked Answered
N

1

5

I'm trying to build an SMS (text messaging) app which uses the Google Translate API to translating texts sent to it. I've set up App Engine and the entire 8000-step process of choosing Public API key access, not choosing oauth, manually setting a quota limit after realizing it wouldn't let me without giving Google a credit card number, then setting up billing, and finally getting to "Edit allowed referers", which I set to:

*

...while I'm debugging, which I intend to change to the actual URL of where the code will live.

Using an asterisk doesn't work. What is the syntax for Google Translate API v2 Public API referrer rules I have to use to allow connections from anywhere in cyberspace, like Apigee? Currently this call (with MY_KEY_HERE substituted for the actual key):

https://www.googleapis.com/language/translate/v2?key=MY_KEY_HERE&q=hello%20world&source=en&target=de

Returns:

{
  "error":  {
    "errors":  [
       {
        "domain": "usageLimits",
        "reason": "accessNotConfigured",
        "message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration.",
        "extendedHelp": "https://console.developers.google.com"
      }
    ],
    "code": 403,
    "message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration."
  }
}
Nicotine answered 29/11, 2014 at 7:10 Comment(2)
I've also tried *.apigee.com/* for just apigee, and *.herokuapp.com/* for a Heroku instance I spun up for just testing. Neither work. There is no reference for what the syntax of these rules are.Nicotine
Side note: According to the API quota I've set, I haven't gotten anywhere near my rate limits: TOTAL QUOTA 2,000,000 characters/day REMAINING 2,000,000 characters/day 100% of totalNicotine
A
7

To answer your question, you can leave the “ACCEPT REQUESTS FROM THESE HTTP REFERERS (WEB SITES)” field empty. The key then will have “Any referer allowed” (confirmed working).

Allowing any referrer is not a good idea as your key may become compromised. Judging by your use case, you can have an Endpoint that will accept text for translation and return it translated. Actual Translate API call will be done on endpoint with OAuth2 to access the API.

Anesthetic answered 2/12, 2014 at 14:35 Comment(1)
Thanks! I plan on changing to restrict to a production domain, but leaving it open for now so I can debug the API calls being made by the library I'm using.Nicotine

© 2022 - 2024 — McMap. All rights reserved.