I have gone through the Android documentation and other blogs related to using the Places API in an Android application. Everywhere it suggests to use the API_KEY to call the REST service. The API_KEY being the same throughout the project/application. There is a limitation of 1000 requests per day.
Now if my application is installed by many users, then the request limit will be easily exhausted if the same key is used by everyone.
There would be some way to generate the API_KEY for individual user. But how can I take care of it in my code?
You can have the quota raised to 100,000 requests a day if you verify your identity:
Users who have verified their identity through the APIs console are
allowed 100 000 requests per 24 hour period. A credit card is required
for verification, by enabling billing in the console. We ask for your
credit card purely to validate your identity. Your card will not be
charged for use of the Places API.
You'll find this information and more if you go to the Google APIs Console, select Services and click on the Pricing link on the Places API line.
100,000 requests a day is a lot and should be sufficient unless your app is extremely popular. And I don't think that creating several user to generate several API keys will be possible without violating Google's terms and policies.
Related
I have a question regarding implementing Google speech, or google cloud API in general, for Android
What I want is to have multiple certificates or API keys for different clients.
In practice, I can have 10 different Android devices, linked to Server 1 for Client 1, and 20 different Android devices, linked to another server for Client 2.
I would like to split the billing of this clients but using same Android project/package.
In https://github.com/GoogleCloudPlatform/android-docs-samples/tree/master/speech/Speech example there is an OAuth2 Credential used, but the problem here is that you can have only 1 OAuth2 Credential for 1 project, but in this case I would need multiple, so this is not an option.
Even if I implement OAuth2 on a server and refresh Tokens for devices, I would need to have multiples.
In the end I would have 1 google account, with multiple client configuration, where each client is seperate when checking billing info and also for restricting purposes. If I have multiple keys I can just disable one and that is
So my question is (if I can split billing for specific API key/service account, or just know the usage used)
How to change example implementation to use API keys or different Service accounts with GoogleCredentials.fromstream()? Do I need to manually implement API requests to google REST API, or is this possible in Android with something like:
SpeechClient.create(SpeechSettings.newBuilder().setCredentialsProvider {API_KEY}.build())
You can't have billing details per API Keys used on Speech API. Here, the easiest solution is to have one project per customer. When a request come in, check the user Id (because the user is already authenticated and you have a OAuth2 token) on the server and, according with the user info stored somewhere (we use Firestore for user profile storage), call the Speech API in the correct project.
You have 1 billing per project, and a free tier per project also!
Edit 1
It's possible I wasn't clear. Here a schema.
I have a game app that is going to be released on Google Play in 2-3 weeks that uses Google sign-in to authenticate users.
So, I created a web client ID, linked the project and set up the login environment.
I use Google API from client, get tokenID from Google response, send tokenID to my backend server, verify token and finally get the Google user id from the 'sub' field of the Google json token.
At this point, if the user is a new user I create a new record in my db, if the user already exists I fetch info from that user and authenticate his login.
This is essentially the flow I use to authenticate users at every app start.
From Google API Console / Cloud Platform, I verified my app in the OAuth Consent Screen section and I noticed a rate limit of 100 tokens per minute or 10.000 per day.
So the problem is: looking at current pre-registrations I expect on release day at least 20.000 users sign-ins. I don't use any sensitive or restricted scope, only Google sign-in and Google Play Games base scopes. Is that limit dangerous for me? Will users get error 403 limit exceeded in my case? or does this limit apply only for restricted scopes?
The fastest solution I found is to implement a guest sign-in to prevent users from not being able to sign-in.
Thanks a lot in advance for your support.
I'm up for any question or clarification.
To be on the safe side for the user and Google product from abuse, applications that use OAuth and Google Identity have certain quota restrictions based on the risk level of the OAuth scopes an app uses. These limits include the following:
-- A new user authorization rate limit that limits how quickly your application can get new users.
-- A total new user cap. To learn more, see the Unverified apps [1] page.
When an application exceeds the rate limit the user will get: Error 403: rate_limit_exceeded, please have below relevant screenshot [3].
As suggested, if we see that any application will reach the rate limit soon (it seems expected from your comment) via the Google API console or see this error being displayed, we should take action to improve the application’s user experience, we will need to have a request for a rate limit quota increase for the application by following the link [2]. Please have the documentation [3] for detailed explanation about your concern.
[1] https://support.google.com/cloud/answer/7454865
[2] https://support.google.com/code/contact/oauth_quota_increase
[3] https://support.google.com/cloud/answer/9028764?hl=en
I am stuck at generating API key for google map but somehow I came to know Google has just changed policies for APIKEY. Can't I get the API key for free use because it's showing me to enable business account?
Since July 16, 2018, the Google Maps API does not allow freemium without creating a business profile, including the requirement of a credit card for billing.
From there, you will be able to use the old 2,5k free queries per day, but at the moment you cross that line, you will pay for the service.
You can see that in the documentation for old and new users in "View Documentation": https://cloud.google.com/maps-platform/?apis=maps
I am now developing a social application. But recently I noticed that Firebase is blocked in China. So I want to make sure whether firebase can be used in China?
* EDIT 24 January 2020 *
Some of the information here might be out of date.
Firebase has a China service at https://firebase.google.cn/ which is not blocked in the PRC. (Thanks to #c-an for bringing this up.)
That said, *.google.com and *.googleapis.com are still blocked in China. I'll change/update this as I get more information.
Original Answer
For now Firebase is blocked and can't be used in China, along with other Google services, because the PRC has blocked all URIs with *.google.com and *.googleapis.com.
This also means, for example, that the Play app store can't be accessed from China. If you don't know what's going on between Google and the PRC, here's a primer.
Also, according to Chinese law, user data of Chinese citizens must be stored inside of the PRC. You might be able to get away with only addressing this once you have a significant number of users, but the trend has been for the CCP to crack down more and more on foreign information, even busting VPNs and declaring them illegal despite complaints of academics who say that they need, you know, real information.
As we're now in the run-up to the 19th Party Congress this autumn, we can expect the situation to get worse before it gets better. Maybe 2018 will leave room for relaxation?
For now, very sadly, forget anything Google in China, and be prepared to store user data of PRC citizens on servers located inside the Great Firewall. Also be prepared for seemingly random degradations of your service within China, or to be blocked altogether, along with these other blocked services.
Update 2017-11-23: The 19th Party Congress has come and gone and, if anything, Google services look less likely than ever to become available in China. The great firewall is likely to continue to be strengthened as the Chinese Communist Party extends its role into corporations, and foreign firms are generally disadvantaged.
Update 2018-08-05: Google plans to open a censored version of its search in China, according to leaked documents. It seems reasonable to assume that if a censored Google Search becomes available in the PRC, then Firebase and other Google Cloud products may as well. The censored search plan, code-named Dragonfly, has reportedly been in the works since December 2017, possibly a result of meetings that month between Google CEO Sundar Pichai and an unnamed top Chinese official when they met at the World Internet Conference in Wuzhen, China, where PRC General Secretary and President Xi Jinping gave a speech.
Update 2018-12-23: It appears that Google's Project Dragonfly is now on hold if not outright abandoned. This implies that the outlook for Firebase in China has worsened.
You can build your own Rest API server outside of China, and make the server talks to Firebase rest api endpoints of Realtime db or Authentication, https://firebase.google.com/docs/reference/rest/database. So you web app talks to your rest api server (accessible from China), and your rest api server talks to Firebase.
The answer is NO :
Using a huge part of Firebase services, I contacted the support, this is the answer :
I'm glad you are considering Firebase for your project. However, in
accordance with current U.S. policies, it is not possible to use
Firebase from within certain countries. For more information about
these restrictions, please refer to the U.S. Department of the
Treasury website. The current list is of blocked countries is listed
here. If you have end-users located within China, it's quite difficult
to access Firebase there since the use of Firebase requires Google
Play Services, which most of the devices in China don't have. We
understand that access to our products has been problematic from
within mainland China. We believe it may have been caused by
networking conditions in China, rather than Google's own services.
Since access to services is determined by the respective country's
government and they don't report to Google, the Transparency Report is
the most authoritative it can be.
I just tested and I am able to access my realtime database hosted on the Singapore region in China mainland. No need to modify anything. Whatever works overseas, works in China. Tested in Beijing.
Facing the same problem, if you are in china, install Astrill VPN and change from openweb to StealthVPN, connect to a server like USA for china one and login to firebase. It will work successfully.
I'm trying to develop android app something like "Notes". The idea is to ask user to sign in to his google account and use his drive space to store his notes. Simply user should have his data with him & should pay for storage if necessary. Also in future this should work for Windows, iOS.
Till now, I have discovered Drive API and I'm confused. Its is showing 'me' the billing options.
Any idea?
the billing options you see are for your console project. you wont need to enable billing unless you will use up the daily quotas. the free quotas are very large, in the millions of calls per day. those quotas are not related to the space your files will use in each user's drive. they just refer to your right to call the apis with your console keys.
I'm not sure where you are seeing billing options, but the Drive API stores items in the user's Drive using the user's quota.