Login/Register
Restrict Google Directions API key in Flutter
Asked Answered
Solved androidgoogle-mapsfluttergoogle-directions-api
C

1

4

I've been developing a mobile app with Flutter and want to release it soon on the Play Store. It uses the Google Directions API, and now I want to restrict the API key to this specific application.

I was able to sign the app, and I've restricted the API key to Android apps with the package name of my app and the SH1A fingerprint of the key, both of which were double-checked.

The request gets denied anyways, both in debug mode (which I assume is intentional) and in release mode. I access the API via the dart HTTP package.

My theory is that this way the Directions API cannot recognize the package name or fingerprint of the app. Is that correct? Can I fix that by using the google_maps_webview package or something else instead?

Thanks in advance,

Paul

Claptrap answered 2/6, 2019 at 12:54 Comment(0)
H
6

The issue is that Directions API is a web service. Google assumes that web services are called from a backend code and not from the frontend directly. So the unique restriction that is supported by web services like Directions API, Geocoding API, etc. is IP address restriction. It is supposed that you send requests to Google from your backend server and you protect your API key by IP address of your server. The Android app restriction is not working with web services.

You can read which type of restriction is supported by each API here: Which keys or credentials should I use for different Maps products?

For mobile applications Google strongly recommends creating an intermediate server for HTTP web service requests. So your application will send requests to intermediate server, the intermediate server will send Directions API requests with API key protected by IP address to Google and pass response back to your app.

I can suggest using Java client library for Google Maps API Web Services to implement an intermediate proxy:

https://github.com/googlemaps/google-maps-services-java

Also there are client libraries available for other backend languages (Python, Go, NodeJs):

https://github.com/googlemaps/google-maps-services-python

https://github.com/googlemaps/google-maps-services-go

https://github.com/googlemaps/google-maps-services-js

I hope my answer clarifies your doubt.

Habitue answered 2/6, 2019 at 18:16 Comment(4)
Thank you very much for this detailed explanation! The app already uses a custom REST API, so I will add the Directions API thereClaptrap
But what If my app doesn't uses REST Api,then how could I integrate directions there.Widner
If someone knows the REST request format to the intermediate proxy, anyone can misuse it, right?Burtburta
i am using it like a rest request using dio package. But my error percentage is very high (70%) and i am getting routes info as empty ... what could be the problem ? @VishnuHaridasWalt

© 2022 - 2024 — McMap. All rights reserved.