I want to add an address autocomplete to a native android app. I read that there is an option that requires API key and have a limit and another one that doesn't require an API key and have no limit (Google maps javascript api v3?).
Is there an example for the latter? I only found non-native examples and couldn't understand how to convert them into a native one.
Is it even recommended to do it or the API key required method is more recommended?
The example here: https://developers.google.com/places/training/autocomplete-android shows the api key as part of the app itself but a later note says it should be done on the server and proxied to the app... I'm confused, how should I do it then?
Related
I've started getting this error from a Google Maps widget within a CMS I use:
This API key is not authorized to use this service or API. Places API error: ApiTargetBlockedMapError
The error message provides a helpful link to this page, which includes the following text:
ApiTargetBlockedMapError Error
The Maps JavaScript API has not been authorized for the used API key.
Please check the API restrictions settings of your API key in the
Google Cloud Platform Console.
See API keys in the Google Cloud Platform Console. For more
information, see Using API Keys.
I know Google has tweaked this API in the past, so I went to the console and checked the permissions given for the key I am using. It includes these four permissions, include the Maps JavaScript API permission:
Geocoding API
Maps Embed API
Maps JavaScript API
Maps Static API
The only part not working is the address auto-complete. When I change to Don't Restrict Key mode so the key works with all services, it works fine. Any idea which service checkbox I might be missing? I'm wondering if Google is just displaying the wrong error.
Any ideas?
This is what I did. Updated.
Make sure you have enabled all the next Google Maps Services
If you have key restrictions, make sure you add the services like the next image..
Restart the project. It worked.
It turns out that Google has tweaked their permissions settings without updating the error. I had to give access to the Places API as well for the autocomplete to function.
I've submitted a PR to the CMS widget's documentation:
https://github.com/Frojd/wagtail-geo-widget/pull/59/files
I'm writing an app in JS that fetches Google Calendar events using Google Calendar API. I've already generated an API Key and Client ID - do I have to do something to try and 'secure' them? Their tutorial puts them directly in the JS file (https://developers.google.com/calendar/quickstart/js), but then I dig further into the dev docs (https://cloud.google.com/docs/authentication/api-keys#securing_an_api_key) and it says not to embed the API key into the code...but that could just be for paid API keys?
I'm writing this mini webapp for a class so I only need it to work for like 6 weeks. I'm hosting it via GitHub Pages, and it was the one that alerted me about the API Key when I pushed the code.
Bottom line - is it safe for me to embed the API key into the JS code that gets pushed to github and made publicly available (so I can have just a frontend and use GitHub Pages)? Or do I need to take some kind of preventative measures?
Thanks in advance!
Api key is only used for accessing public data. For example you could use it to access the Google Calendar public holiday calendars. That being said yes you should keep your api key secrete and not share it but google is aware that this is not possible with client side languages like JavaScript so i have never heard of anyone getting in trouble for leaking their api key by having it in a JavaScript application.
This warning is mainly means that you should not put it in a GitHub open source repository that anyone can download and then run. You must instruct people how to create their own.
That being said if you are trying to access private user data then you should be using Oauth2 to authenticate your users and this you can lock down to only your domain due to the need for a redirect uri. As you say you have created a client id i suspect that you have already done that. Apikey in the javascript code isnt strictly needed if you have added the client id for oauth2.
I am building a web page for bookings.
This page needs to check one of my public agendas to see if a trailer is available:
Example event
I want to use the google calendar API for this purpose, the API needs to give me a list of the dates in the google calendar. For this purpose I made a page based on the google calendar API javascript quickstart.
The only problem is that it loads the calendar of the current user (for example freddi#gmail.com) but I want it to open my calendar (thomas.leflere#gmail.com). How do I modify the google API calendar javascript quickstart code to achieve this goal?
Google Calendar API Javascript quickstart
The references you've seen involve non-REST APIs. Getting this programatically is possible using a service account. Details on how to create a service account are on Google's page about two-legged OAuth, a snippet is
Typically, an application uses a service account when the application
uses Google APIs to work with its own data rather than a user's data.
For example, an application that uses Google Cloud Datastore for data
persistence would use a service account to authenticate its calls to
the Google Cloud Datastore API.
Since this method involves putting a private key on machine initiating the API call, it seems that doing it directly from the browser in JavaScript is not going to be viable. An intermediate server would be needed.
The better alternative for JavaScript would be to invoke an Ajax REST API of a public calendar which is now in version 3. You can find documentation on the API at https://developers.google.com/google-apps/calendar/v3/reference/
I'm having some issues understanding the differences between an API Key and a Developer's Key when it comes to utilizing the YouTube API.
My application is using the restful requests in v3 of the Youtube API and I can set an API key via the gapi.client.setApiKey() function , which I have done during development, but when I was looking at the quotas, https://groups.google.com/forum/?fromgroups=#!topic/youtube-api-gdata/e1JDQ4lqbXU, it states that they are tied to a developer key instead and that the developer key should be sent with each request. I went ahead and got one for development purposes, but I'm not sure how they interact with each other.
I also didn't find any details on how to send the developer's key with each restful request (such as gapi.client.youtube.channels.list), only how to include it in the header or query string when making a regular get request.
Can someone help me understand the difference between the two, how they are related, whether I need both, and how to use them in restful requests, or if I need to switch to regular get requests?
Sorry for the confusion.
"Developer keys" refer to keys that worked with v1 or v2 of the YouTube Data API. You can obtain them here. There's a separate quota system in place for v1/v2 and yes, developer keys do come into play there.
"API Keys" refer to keys that you use when making unauthenticated requests using v3 of the YouTube Data API. (If you're making an authenticated request, you don't include an API Key, since the OAuth 2 client id/secret identifies your application.) You get an API Key that you could use with YouTube from the Google APIs console, after turning on the YouTUbe Data API v3 as one of the Services you're using. Quota in v3 is tied to your API Console project, and your API Key identifies which project you're using.
The takeaway is that if you're making unauthenticated YouTube Data API v3 calls, you should only include an API Key from the Google APIs console in your request. If you're using the JavaClient library, that's done via gapi.client.setApiKey().
The instructions for v.3 of the Google Maps API say that I
should load the Maps API using an API key
Curiously it says I should..., rather than I must..... Anyhow, at the moment, I am not using an API key simply because (as far as I can remember) there was no mention of an API key when I was writing the code that calls this API.
Should I go back and add an API key to the URL that loads the API? It seems to work fine without the key, so I don't have any particular incentive to do this.
You're actually required to not have a key if you're a business user. Here's a quote from Google:
Google Maps API for Business developers must not include a key in their requests. Please refer to Loading the Google Maps JavaScript API for Business-specific instructions.
Normal users, however, will be fine with or without a key, although Google recommends having a key so you can monitor the API usage. Here is a quote verifying this:
The Google Maps JavaScript API V3 does not require a key, but there are benefits to using one.
You only need a key if you want to use the API management console to restrict access, collect usage statistics, etc. So, a key is recommended but not required.
See Obtaining an API key
In Api version 2 a key is required to run gmap out of localhost
in the API v3 a key is not required