问题
My android app requires using the Google Place Search API but since it's not available for android, I'll have to call the Web API. I've considered using Cloud Functions but that's too expensive and can be done for a lot less if done locally on each client. The problem is storing the API key on the user's devices as it can be easily retrieved. Thus is it safe if I store the key on the RT DB and reference it only when needed?
Also, if you have suggestions, I'd me more than happy to implement them :D
回答1:
Storing the key in the database still requires that users can access it. So while it's one level more effort to retrieve, malicious users will still be able to retrieve it.
A server-side key should simply not be used in client-side code.
回答2:
Google Places APIs are available for android.
Sample Code
public void findPlace(View view) {
try {
Intent intent =
new PlaceAutocomplete.IntentBuilder(PlaceAutocomplete.MODE_FULLSCREEN)
.setFilter(typeFilter)
.build(this);
startActivityForResult(intent, PLACE_AUTOCOMPLETE_REQUEST_CODE);
} catch (GooglePlayServicesRepairableException e) {
// TODO: Handle the error.
} catch (GooglePlayServicesNotAvailableException e) {
// TODO: Handle the error.
}
}
// A place has been received; use requestCode to track the request.
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
if (requestCode == PLACE_AUTOCOMPLETE_REQUEST_CODE) {
if (resultCode == RESULT_OK) {
Place place = PlaceAutocomplete.getPlace(this, data);
Log.i(TAG, "Place: " + place.getName());
} else if (resultCode == PlaceAutocomplete.RESULT_ERROR) {
Status status = PlaceAutocomplete.getStatus(this, data);
// TODO: Handle the error.
Log.i(TAG, status.getStatusMessage());
} else if (resultCode == RESULT_CANCELED) {
// The user canceled the operation.
}
}
}
Complete tutorial is available here.
来源:https://stackoverflow.com/questions/44403300/storing-api-keys-on-the-realtime-database-firebase