Google Books API for Android - Access Not Configured

Question

I am using google books API KEY for android to load book data via my android application. But I am getting error listed below.

However, - The query works if I delete certificates from my API CONSOLE (e.g. make API KEY acceptable for all Applications). Though my {SHA1};{package name} information that I put is correct. - This works if I use API KEY for browser instead.

Hence, what I can understand, I can't send KEY as a part of url in httpclient method. May be I need to send via header or something. But I can't find how.

Anybody can help please?

CODE:

String link = "https://www.googleapis.com/books/v1/volumes?key=MY_KEY&q="+query+"&projection=full&langRestrict=en&maxResults=1";
HttpGet get = new HttpGet(link);
HttpParams httpParameters = new BasicHttpParams();
int timeoutConnection = 10000;
HttpConnectionParams.setConnectionTimeout(httpParameters, timeoutConnection);
HttpConnectionParams.setSoTimeout(httpParameters, timeoutConnection);
HttpClient httpclient = new  DefaultHttpClient(httpParameters);
HttpResponse response = httpclient.execute(get);
HttpEntity entity = response.getEntity();

Query:

https://www.googleapis.com/books/v1/volumes?key=MY_API_KEY&q=intitle:'The+Old+Man+And+The+Sea'+inauthor:'Ernest+Hemingway'&projection=full&langRestrict=en&maxResults=1

Result:

{
 "error": {
  "errors": [
   {
    "domain": "usageLimits",
    "reason": "accessNotConfigured",
    "message": "Access Not Configured"
   }
  ],
  "code": 403,
  "message": "Access Not Configured"
 }
}

Answer 1

For whom it may concern ... I send my API key in header, and it is now working.. I am not sure whether this is the proper way to it though ...

String link = "https://www.googleapis.com/books/v1/volumes?q="+params;
            InputStream is = null;
            try 
            {
                int timeoutConnection = 10000;
                URL url = new URL(link);
                HttpURLConnection con = (HttpURLConnection) url.openConnection();
                con.setConnectTimeout(timeoutConnection);
                con.setReadTimeout(timeoutConnection);
                con.setRequestProperty("key", "API_KEY");
                if(con.getResponseCode() != HttpURLConnection.HTTP_OK){
                    publishProgress("Error conneting.");
                }
                is=con.getInputStream();
            }

Answer 2

You can achieve the same result of the accepted answer using HttpGet:

String API_KEY = "..."; // Google Books API Public key
String ISBN = "...";
String bookSearchString = "https://www.googleapis.com/books/v1/volumes?q=isbn:" + ISBN;
HttpClient bookClient = new DefaultHttpClient();
try
{
    //get the data
    HttpGet bookGet = new HttpGet(bookSearchURL);
    bookGet.addHeader("key", API_KEY);
    HttpResponse bookResponse = bookClient.execute(bookGet);
    StatusLine bookSearchStatus = bookResponse.getStatusLine();
    if (bookSearchStatus.getStatusCode() == 200)
    {
        //we have a result
        HttpEntity bookEntity = bookResponse.getEntity();

        ...

    }
} catch (Exception e)
{
    e.printStackTrace();
}

Answer 3

Supplying the key in the header is the same as not supplying a key at all. Check your developer api console and you will see no successful queries with that api key. So in short the API key in header does not solve the problem. If you don't want to play by google's rules just do the query without the key at all.

Answer 4

Note that using Google API key without restrictions is insecure way to do!

Obviously if you’re being charged for access to the API data then you don’t want someone to decompile your APK, find your API key, and then start using it in their own apps.

How to hide your API Key in Android?

But It's not enough. You can store your API key somewhere, so someone can find it too.

To secure Google cloud API key for your android app, you must restrict it to use from your app only. See here for more.

After restrict key, you must include your android app package name and SHA-1 certificate fingerprint in the header of each request you are sending to Google. How to do?

That's all you need ! :D