All,
Getting "REQUEST DENIED" when I try to access Google Maps Geocoding web service. Not sure why. The URL looks right to me and the Simple Access API browser key is valid and has both Maps v2 and Maps v3 turned on.
I realize the API key is no longer required in v3 so I have no idea how to get around the API limits using the web services via query string params.
http://maps.googleapis.com/maps/api/geocode/json?key=MYAPIKEY&latlng=39.76144296429947,-104.8011589050293&sensor=true
When I remove the "key" parameter, it works but I need stats and don't wanna hit the API access limits so I need the key in there (I think)
Any suggestions would be great.
Thanks
Decided to go with geonames.org for this project. Much easier to deal with than Google.
Related
From the official tutorials on https://community.algolia.com/instantsearch.js/, Algolia requires you to code the key into your application and used with each api request. If someone were to dig this up, what's to prevent them from spamming search requests with your api key?
If someone were to dig this up, what's to prevent them from spamming search requests with your api key?
Do you want the cruel truth? Nothing...
Unfortunately in a web app does not exist anyway of securing secrets, be they api-keys, tokens or any other name convention that may be used.
In a web app all is needed is to use F12 or view the page source and search for them in the raw html and JavaScript.
You can try to use JavaScript obfuscation to make it hard to find but will still be easy to reverse engineer. Even in a mobile app that have their code obfuscated and released as a binary is easy to extract this secrets.
If you want to understand a little more about Mobile Api Security Techinques please read this series of articles to find how api-keys, access tokens, HMAC and other techniques can be used and bypassed. While the article was wrote in the context of a mobile API is still valid in a web app context for the security techniques used to protect the API.
Possible Solution
The best approach is to always delegate your web app access to third part API's to a backend you can control.
In this backend you can then use a User Behaviour Analytics(UBA) solution to monitor bad use of this third part access.
Once UBA can be complex and expensive to deploy you could start by using the new Google reCaptcha V3 across all pages of your web app. ReCaptcha V3 does not require direct user interaction once it works on the background to differentiate humans from bots.
So I would have the web app requesting the Agolia search to my backend that would use reCaptcha V3 protection to differentiate abuse in the search functionality by bots or attackers.
Remember that this approach has the huge benefit of never reveal your Agolia API Key, thus attackers can never directly use it.
I am developing a windows application using devexpress components and Delphi but when I try to use the map component I get this error message "The request was forbidden. Your credentials may be denied or suspended" what it means and how to fix ?
It sounds like either you have provided a Bing Maps key into your application that has been blocked, or you didn't provide a key at all and the devexpress component might have someone else's key in it which has since been blocked. Not sure which DevExpres control you are using. If using their WPF control, here is documentation on how to use Bing Maps in it: https://documentation.devexpress.com/#WPF/CustomDocument17459 Note that there is a BingKey parameter in the XAML example that you need to provide a value for.
DevExpress also provided some documentation on how to get a Bing Maps key here: https://documentation.devexpress.com/#WPF/CustomDocument10974
Additionally you can also get a Bing Maps key through Azure here: https://azure.microsoft.com/en-us/marketplace/partners/bingmaps/mapapis/
I am developing a service which is suppose to browse all project IDs/buckets/objects for a particular google user.
I have created the projects using Google Console and able to get the device/user/verification-url etc..and able to get the access
and refersh tokens as well.
While I got these, I had to use the ClientID and Client_Secret_Key (which as a google user) I got to see in Google Console.
Ideally, I would like to obtain this information(ClientID and secret type) in backend by using some HTTP requests or may be by some
other means.
Is anybody aware of how to obtain these ?
Maybe you're looking for the concept of a Service Account?
A service account is like S3's Access Key ID and Secret Key -- rather than being a particular Google user's data, it's the application's data.
I am implementing espn api, but having some issue, most api gives me this response.
{"timestamp" :"2013-02-25T11:19:02Z","message" :"This action is forbidden for the requested resource at your permission level. Please review the documentation for account level access.","status" :"error","code" :403}
I am using this api Espn MLB Standing
I want to know that where to review the documentation, i is there any need to purchase some api or anything else?
[EDIT]
One more thing there is ?apikey=:yourkey , so this key is same for all user or we have to get this according to user login.
I think you are using the wrong apikey or there is some issue in your URL query.
Your app will have a unique apikey. This key is same for all users who are using the app.
You should get a apikey by registering to their site and use it for development purpose.
My rep doesn't allowing commenting, but I thought I'd add the following here:
A small amount of ESPN API data is free, but much requires payment.
You probably don't want to publicly share your personal API key for security reasons.
Go to http://developer.espn.com/io-docs and plug in your API key and use the GUI to generate an API call/response. It's a good way to see a valid, working syntax that you can then drop into your app and edit as necessary.
I am working on a commercial application on iPhone that is using google map. I have Google map api premier client id and cryptographic key to use google map for some limited services like "directions".I generated the signature key using this code:
http://code.google.com/p/gmaps-samples/source/browse/trunk/urlsigning/urlsigner.m?spec=svn2498&r=2498
But still the WS claims "too many connections".
Is there any problem for using Google Maps API Premier in iPhone?
Please Help.
Also, you can learn more on the quota on Maps API web services for Business users, here:
https://developers.google.com/maps/documentation/business/faq#usage_limits
Most likely not related to the use of the API from iPhones.
I would suggest that you open a case with Maps API for Business Support Team (new name for Maps API Premier). You can do it under:
http://support.google.com/enterprisehelp/bin/answer.py?hl=en&answer=142858&rd=1
If you don't yet have access you can also submit a request using a form:
http://support.google.com/enterprisehelp/bin/answer.py?hl=en&answer=142246#request
Putting the error messages aside , it seems alarming that you want to use server side geocoding from an iPhone. The problem with this is that you won't be able to scale as your user base grows since your limits are set.
Instead you should try reading on client side geocoding.
There is a really good article that explains how to make this decision:
https://developers.google.com/maps/articles/geocodestrat
"too many connections" does not sound like an error message you might be getting from Google Servers, but rather something to do with the platform. If you contact support they will be able to check that for you.
I hope that helps!