Google API: Difference between browser key and Android key?

Question

I\'m trying to use the Google Calendar API, and I\'ve generated a browser API key that seems to work. But in the API console I also have the option to generate an

Answer 1

I'm not sure if it'll work to use a browser key in an Android application, but it doesn't really make sense.

From the Google API docs:

The Console enables you to create server, browser, Android and iOS API Keys. Once you've created a key, you restrict where it can be used. The available restrictions depend upon the type of key.

• Server keys can be restricted based on your servers' source IP address(es).
• Browser keys can be restricted based on HTTP referrer.
• Android keys can be restricted based on the package name and certificate SHA-1 fingerprint.
• iOS keys can be restricted based on the bundle identifier.

It looks like you have to specify a website as the referrer for browser based keys. Since you don't know what the referrer will be in your Android app, it doesn't really make sense to do it this way. With an Android key, you can restrict API usage by the package name.

Also:

Your project can therefore have server-side components in conjunction with browser and/or mobile components, without fear of compromising your server(s) if a browser key or mobile key is compromised.

If you use two different keys, it allows you to make sure if one is compromised, the others are not. This provides better security for you.