I have developed an Android app for two different clients.
I don't want my clients to use my API key. So it is required to set their individual keys. But I can't find a way to change the API key set in google_maps_api.xml file.
Any idea?
Related
I can't seem to find any documentation on how to access Google Cloud Storage using a service account from iOS. The iOS application writes images to Rails and I've used a service account with the ruby apis to save the image to Google Storage. I'm trying to read those images from iOS but it seems like the ability is not there and I'm not sure why. The only way I can make it work is to use an API key and set the predefinedAcl to 'publicRead'. This means my application's images are open to the internet.
What am I missing? Is there a reason this functionality isn't there in the iOS library? Any plans in the future?
Thanks
I think you are heavily compromising your security while following a really bad practice. Here's are two strategies on how to fix it:
When you save your images to Google Storage, you should create a signed URL for the same and use that as end point for clients/app. OR
Save original Google Storage URLs to user's account, inaccessible via user api, and during runtime when a request for image is received, generate a short duration based signed URL.
Service key based approach is really faulty as first you are giving away your project credentials and moreover you can never even expire those keys since they might be used in one of many end devices.
I am trying to deploy two applications that use apple push notifications. Both the applications talk to the same server application. Let us assume one is a a free version of the app and the other is a paid version - two different app IDs on the AppStore .
I would like build a single PEM key on the server that can be used to talk to the two different App IDs. I have been successfully able to use two separate PEM keys and have it talk to the apps separately but don't want to do this as its more of maintenance issue.
I am sure people have done this? Any ideas how I could combine the two private keys in the back end but have it talk to two App IDs?
Afraid that is not possible.
Apple use the certificate to identify app(notification receiver).
You have to use two certificates, make two connections.
I'm writing a Web app for Google TV and want to make use of the colour keys on the remote control for navigation.
I'm not getting any input from the keys in response to onkeypress or onkeydown events, does anyone know if it is possible to use these keys for input in Web apps? I have seen the keys used in apps on Google TV but I suspect these may be Android apps. I can get input from the keyboard keys and the D controller without any difficulty.
Thanks in advance,
Gordon.
The color key's are not currently supported within web applications. Chrome does not receive key events from the remote for the color keys.
These color keys are designed for universal remote functionalities on TV. Since there are no desktop equivalents to them, Chrome does not pass any keycode for them.
In general for available keys and keycodes, use the keycode tester here:
https://developers.google.com/tv/web/docs/implement_for_tv#keyboard
Is it possible to use google maps transit data to show a publich transit route inside your application rather than sending a user to google maps app?
I see that google maps on iphone does it well for switzerland (region i am interested in).
Check http://code.google.com/intl/en/apis/maps/documentation/directions/#TravelModes
driving, walking and bicycling are there, but it seems like transit is not available.
Anybody got an idea or workaround?
No, there isn't. Google licenses the data from transit agencies, not many of which licenses the data for use in the API. Some agencies publish their data in Google Transit Feed Spec. There's a list of those agencies, you could pull the data from the provider and parse it out yourself, but that's not available for everyone.
See the Transitland open data platform for a wide range of APIs for querying across all the feeds provided by transit agencies. Best places to start is the overview of the various APIs at https://www.transit.land/documentation/
I'd like to do OAuth for Twitter from an iPhone app. But doing so implies that I need to have my API secret alongside my API key baked into the application binary. This is obviously undesirable.
Facebook supports the notion of a session proxy to get around the parallel issue with their API.
Can I do something like this for Twitter?
Short answer: No.
OAuth was created for and works really well for web applications. It's a square peg in a round hole for native applications. Specification 1.0a was supposed to make it more viable for native applications, but it does little to help.
As you pointed out, one of the main problems with it is that the consumer keys have to be stored in the application. Not a problem for web applications where access to the source is limited, but a big problem for native applications.
The other major problem has to do with it providing no additional security over standard login forms for native applications, but I won't get into that.
But since Twitter is forcing it on you if you want access to higher rate limits and your application name associated with Tweets, you have little choice.
The only way to avoid having the consumer key in your application code is to proxy all requests through your own server.
Some put the key into a settings-type file that the application will read. Others store the key in a database file local to the app. Others store the key on their own server and the native app connects to the server to get the key and secret.