All geek questions in one place

Understanding the Google Developer Console

I got a little confused in the work of the developer console.

I have a project in which I am accessing youtube apiv3 data. I created my project and got 4 keys:

  • Browser key
  • Server key
  • Client Client OAuth2.0 private key for web client.
  • Android Key

From this, the first three are auto-generated by google. I created an android key by providing the SHA-1 fingerprint of the project. I have the following questions that I do not seem to have answered:

  • Why am I getting the first three auto-generators? I do not work on backends, so just out of curiosity, what if the client uses the server key instead of the browser key? Any difference?

  • I assume SHA-1 is used for working with public key cryptography. Does it depend only on the package and development environment? I did not use keytool for this, but worked directly with the SigningReports features in Studio. Which parameters depend on the fingerprint? I created a new SHA-1 by deleting the debug repository. Android Studio automatically restores debug storage. Also how does this cryptography work?

  • My iOS colleague can access and update tokens without a secret key. AFAIK For OAuth2.0, we need to get the authentication token, use it with the client ID, secret key and API key to access and update the token. How do they do it? And what role does the secret key play here?

  • Most importantly: I have different KEYS APIs in my project. One in google-services.json is different in

youTubePlayerFragment.initialize (API_KEY, new YouTubePlayer.OnInitializedListener ()

is different! However, it works. How??

+5
source share
3 answers

Answer 1:

Difference between server keys and browser keys from the developer console

Server Keys:

Create and use a server key if your application runs on a server. Do not use this key outside the server code. For example, do not embed it on a web page. To prevent the theft of quotas, limit your key so that requests are allowed only from the source IP addresses of your servers.

Browser Keys:

Create and use a browser key if your application is running on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains that you administer.

Answer 2:

It will also work with keytool and SigningReports functions.

Answer 4:

You can use multiple api keys, and this is possible if you included the api key in the Google developer console, and then use the api keys in your project in projectroot/yourapp/src/debug/AndroidManifest.xml ex:

 <!-- Goolge Maps API Key --> <meta-data android:name="com.google.android.maps.v2.API_KEY" android:value="******************" /> <!-- Google Places API Key --> <meta-data android:name="com.google.android.geo.API_KEY" android:value="******************" />
+1
source

Your Youtube request is made through the Google Play Service. You insert the OAuth2.0 OAuth2.0 token into your request. OAuth2.0 tokens specify a specific type of Android key. Various keys of Android Server, Browser, Android, IOS , etc.

OAuth is associated with your user authentication. OAuth will continue the migration, and the Android key will provide the Google Play Service. The Google Play service reads information in the Google Developer Console - to decide which type of device (for example, iso, browser, Android) the Youtube server is requesting.

If you are on an Android device, you do not need browser and server keys.

https://developers.google.com/youtube/android/player/register

+1
source

Correct me if I am wrong.

  • Browser Key: Suppose you have a website, and from there you want to use the youtube API

    Server key: suppose you create your own backend api for your application and you need to use the Youtube API

    Android key: let's say you also have an Android app and you need to consume the Youtube API

    You can track each user of the API separately using different keys. You can exchange (not sure), but it just messes up the tracking.

  • SHA depends on keystore (debug / signed), and each system has a unique keystore debugging. You can create your own signed keystore.

  • What is an access token and access token and user secret key and consumer secrets I think this applies to any oAuth

  • The Youtube API, Google Maps API, or any other API are independent services. We need to track them separately, so we have different API_KEY per service for each consumer (explained in 1).

Note. Tracking I mean as API quota, impressions per second, etc.

+1
source

Source: https://habr.com/ru/post/1269560/

More articles:


All Articles