Flutter Google Places API Authorization Error

I have a Flutter application that utilizes Google Maps for displaying maps and making calls to the Places API to retrieve nearby stores based on the user's location. During development I did not restrict the API keys, but now that I want to move to production I restricted both the Android and iOS keys.

Here's how I make the call to the Places API:

final String apiUrl =
    "https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=${cords.latitude}%2C${cords.longitude}&radius=$radius&type=$type&key=$apiKey";
final response = await http.get(Uri.parse(apiUrl));

I tried to restrict the API keys for iOS and Android (1 key for each app). The map is shown properly but the calls to the Places API return the following error:

{
   "error_message" : "This IP, site or mobile application is not authorized to use this API key. Request received from IP address x.x.x.x, with empty referer",
   "html_attributions" : [],
   "results" : [],
   "status" : "REQUEST_DENIED"
}

After searching for quite some time, I found a Stack Overflow post suggesting that some Google Maps APIs are designed to be called from a backend system rather than directly from the frontend. Here's the link to the post for reference: Android Google Maps Direction Api - Api key restriction not working

It got me thinking maybe it would be the case for me as well. Based on the link provided by the user, it turns out it actually is... (Please let me know if I am mistaken)

Picture from maps FAQ showing the way to restrict Places API

Which keys or credentials should I use for different Maps products?

I'm considering modifying the way I call the Places API. Since I already use Firebase, I'm thinking of triggering a Cloud Function to make the Places API call and then forwarding the JSON response to the client phone. However, I'm unsure whether I should restrict the API key for the Cloud Function.

My questions are:

  • Does my reasoning for switching to a Cloud Function for calling the Places API stand correct based on the provided Stack Overflow post?
  • Should I restrict the API key for the Cloud Function, considering security concerns?

If you believe I could tackle this issue in another way, please let me know. I also noticed on the table that there are entries for Places SDK for Android and iOS that can be restricted to application, but I don't know if it suits my case because I am using Flutter.

Things to clarify:

  • The key is correct; it works when I turn off restrictions
  • Billing is enabled
  • The Places API is also enabled
  • There is remaining quota

Any suggestions or insights would be greatly appreciated. Thank you in advance.

There are 0 answers
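
The server-side call the question considers, as an added example that is not the asker's code: the key is read from the function's environment instead of being compiled into the app, client-supplied values are validated before they reach the URL, and the upstream `error_message` is logged rather than forwarded. The function names, the `PLACES_API_KEY` variable, the type allowlist and the radius cap are assumptions.

```javascript
// Added example: core of a server-side Nearby Search proxy (e.g. inside a Cloud Function).
// Assumed names: PLACES_API_KEY, ALLOWED_TYPES, MAX_RADIUS_M and all function names.
const ALLOWED_TYPES = new Set(["store", "supermarket", "convenience_store"]);
const MAX_RADIUS_M = 5000; // assumed cap so one client cannot request huge searches

function inRange(v, lo, hi) {
  return typeof v === "number" && Number.isFinite(v) && v >= lo && v <= hi;
}

// Validate client input, then build the upstream URL with the server-held key.
function buildNearbySearchUrl({ lat, lng, radius, type }, apiKey) {
  if (!apiKey) throw new Error("server key not configured");
  if (!inRange(lat, -90, 90)) throw new RangeError("lat");
  if (!inRange(lng, -180, 180)) throw new RangeError("lng");
  if (!Number.isInteger(radius) || !inRange(radius, 1, MAX_RADIUS_M)) throw new RangeError("radius");
  if (!ALLOWED_TYPES.has(type)) throw new RangeError("type");
  const url = new URL("https://maps.googleapis.com/maps/api/place/nearbysearch/json");
  url.searchParams.set("location", `${lat},${lng}`); // serialized as lat%2Clng
  url.searchParams.set("radius", String(radius));
  url.searchParams.set("type", type);
  url.searchParams.set("key", apiKey);
  return url.toString();
}

// Map the upstream body to what the app needs; never forward error_message,
// which can carry the calling server's IP address (see the REQUEST_DENIED body above).
function toClientResponse(upstream) {
  if (upstream.status === "OK" || upstream.status === "ZERO_RESULTS") {
    const results = (upstream.results || []).map((p) => ({
      place_id: p.place_id,
      name: p.name,
      location: p.geometry && p.geometry.location,
    }));
    return { ok: true, results };
  }
  console.error("Places upstream error:", upstream.status, upstream.error_message);
  return { ok: false, error: "places_unavailable" };
}

// Glue: the key comes from the function's environment, not from the client.
async function nearbyStores(params, fetchImpl = fetch) {
  const url = buildNearbySearchUrl(params, process.env.PLACES_API_KEY);
  const res = await fetchImpl(url);
  return toClientResponse(await res.json());
}
```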