Error 403 with Android restricted Cloud Platform API key and Cloud Endpoints

[Cristina De Rito]

I have a problem restricting a Google Cloud Platform API key usage to an Android app: I have added its package name and certificate SHA-1 fingerprint (the debug one to get started) but it doesn't work.

The error I get when calling any API is

403 Requests from this Android client application <empty> are blocked.

I'm calling the APIs by using a Cloud Endpoints generated client lib, and I've not been able to find any method that I can use at initialisation time to set the app credentials, nor does it do it by itself (as I can guess from the "<empty>" in the error). I can't find any useful info in any documentation as well, as far as I've red it seems like it should do it by itself.

This is my init code:

MyApi.Builder builder = new MyApi.Builder(new NetHttpTransport(), new AndroidJsonFactory(), null)
                .setApplicationName("<my package name>")
                .setRootUrl(<my root URL>)
                .setGoogleClientRequestInitializer(new MyApiRequestInitializer(<my API key>));

I've also tried what suggested in this answer but nothing changed.

Is there any passage I'm missing? How should it be done?

[Adam (Cloud Platform Support)]

Provided that you are using the Endpoints client library that you generated for Android, it's not necessary to manually add the headers yourself. You need to configure the client library to authenticate, and the full instructions for this are provided in the documentation Calling Backend APIs from an Android Client.

[Sandeep]

Am facing the same issue as Cristina. My android app doesn't have GET_ACCOUNTS or USE_CREDENTIALS permission. I wan to authenticate client app, not user, hence using this API key.

[Thành Nguyễn Xuân]

I'm facing the same issue . Are you resolve it ?

[Sandeep]

Nope, nothing on this.

Alternatively, I tried Cloud Endpoints v2, with Firebase, using EspAuthenticator.class authenticator. Did Anonymous login in Firebase, got token. Passed that token to Endpoint method. It worked.

Though I had to take care of token expiration.

But again, this is not a good approach.

On Thu, May 17, 2018 at 8:21 AM, Thành Nguyễn Xuân <xuanth...@gmail.com> wrote:

I'm facing the same issue . Are you resolve it ?

--
You received this message because you are subscribed to a topic in the Google Groups "Google App Engine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-appengine/kN0MaIkeUC8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-appengine+unsubscribe@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/e55466ee-6221-45af-af0c-ba232f6e1d1a%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Caxton Chan]

This is still able to reproduce so that it cannot restrict API key with specific android app. Any suggestion?