0

Google's api,facebook's api uses package name of application and SHA1 certificate for their API keys.But how they work? Suppose I have package name com.example.test and API key is UIW9934JIO. So how they ensure that the API key is only restricted to com.example.test application. No one can access that key from any other browser or application and how do i implement that type of API key restriction in my application?

vikrant arankalle
  • 278
  • 1
  • 14
Nirav Shah
  • 263
  • 3
  • 12
  • The SDK on the device can check that the APK with package name `com.example.test` was signed with a key having the correct SHA1. Nobody can fake this without knowing the signing key. (At least not with affordable effort) – Henry Dec 16 '17 at 10:02
  • Thank for that..But how can i implement with my application and web server that provide API service.I want to protect to only my application. – Nirav Shah Dec 16 '17 at 10:12
  • duplicate of https://stackoverflow.com/questions/25685124/what-is-sha1-fingerprint – vikrant arankalle Dec 16 '17 at 11:02

0 Answers0