Restricting access to Google Web Services API for my Android application only

0
votes

This is a follow-up for another question on StackOverflow.

Is there any way to restrict access to Google Web Services API (in my case Places API Web Service) for my Android application only? I want to get the "address_components" field from place details and I cannot use Android API function because that field is absent in the returned object.

I've selected Android app key restriction and entered my app details (package name + SHA-1 certificate fingerprint) in Google Developer Console. I'm receiving "There is a per-IP or per-Referer restriction configured on your API key ..." error message, that is expected.

I've tried to fill "X-Android-Package" and "X-Android-Cert" headers, but noting changed. Is there any way?

1
androidgoogle-places-api

1 Answers

0
votes

The Android application restriction only works if you're using the key with the Android API, alas (the docs could be more clear about this).

If you're planning to call the web service from your mobile app, then the preferred approach is to proxy mobile calls through a service so that the API key isn't embedded in the mobile app. There's more on this approach in this blog post, which links to this video.