Home > Software engineering >  Google Maps 1 API Key Restrictions for Android *and* iOS Mobile Apps
Google Maps 1 API Key Restrictions for Android *and* iOS Mobile Apps

Time:11-20

it looks like if I'd like to enable key restrictions for Android and iOS app the only way is to use Application restrictions with 1 key being used on both platforms?

I'm having 1 Google Maps Key being used on Android and iOS, and what I can find in the GCP -> APIs and services -> Credentials, is the choice between one of those, I can't select both platforms.

Would it be correct? If yes, then it'd be better to create 2 separated keys rather than limiting on the Application restrictions level? My application is React Native with react-native-maps package for Google Maps and it's quite natural to use 1 codebase, also 1 API key.

It's technical also possible to use 2 keys*, but next time when releasing on Web and Desktop, I'll need to use yet another keys. Eventually, ending up with 4, instead of 1, which simplifies key management.

*I'll only need to change the reference to a different variable https://github.com/tamotam-com/tamotam-app/blob/master/ios/TamoTam/AppDelegate.m#L36 and/or https://github.com/tamotam-com/tamotam-app/blob/master/android/app/src/main/AndroidManifest.xml#L20

Google Cloud Platform (GCP) APIs Credentials

Google Cloud Platform (GCP) APIs Credentials

CodePudding user response:

API security best practices

"API keys are required for apps and projects that use the Google Maps Platform APIs and SDKs. For maximum security and minimal effort, secure your API keys when you create them.

While it is possible to secure API keys after they're created and in use, there can be different constraints based on how the key is used. Updating or replacing keys in mobile apps (Android and iOS) are the most complicated, since the keys won't all be replaced until all customers update their apps. Updating or replacing keys in JavaScript or Web Service apps are much more straightforward, but updating or replacing these keys still may require careful planning and fast work."

It is considered as best practice when you Use seperate API keys for each app

The reason would be because:

"This limits the scope of each key. If an API key is compromised, you can delete or regenerate the impacted key without needing to update your other API keys."

Simplified key management could cost you security. So having 4 keys instead of 1, is still better most especially if your key was compromised.

Hope this helps.

  • Related