Troubleshooting problems with ARCore API authorization

Page Summary

API Key authentication issues can be resolved by enabling the ARCore API, checking for and disabling API Key restrictions, and ensuring the API Key in your project's credentials matches the one used by your app.

Select platform:

(Android) Keyless doesn't work (`ErrorNotAuthorized`)

When communication with the ARCore API server throws ErrorNotAuthorized, ensure that your application contains the com.google.android.gms:play-services-auth library:

Build your app, and check the resulting artifact with the APK Analyzer. Ensure that the built application binary includes the com.google.android.gms.auth package, and that its contents are not renamed or minified.
- If it is not present, follow Include required libraries and ensure the library is included and that the minification settings are correct.
Show the security information present in the failing target artifact using the keytool utility:
AAB artifact
```
keytool -printcert -jarfile artifact.aab
```
APK artifact
```
keytool -printcert -jarfile artifact.apk
```
Ensure the SHA-1 certificate fingerprint matches the credentials used in your project's OAuth 2.0 client ID.
Ensure that you have enabled the ARCore API for the correct project in Google Cloud.

(Android) Keyless authorization is successful in some build types (e.g. Debug) but not in others

If keyless authorization succeeds in certain builds but not in others, ensure that the fingerprint present in the failing artifact matches the fingerprint listed in the Google Cloud Console. See Keyless authorization doesn't work and follow steps to verify that the signing key fingerprint for that artifact matches the fingerprint listed in Google Cloud.

(Android) Keyless authorization does not work when using Play App Signing

If keyless authorization works on your local builds, but not after uploading to the Google Play Store when Play App Signing is enabled, ensure that the SHA-1 certificate fingerprint registered in your project's credentials match the fingerprint Google uses to sign your app:

In the App Signing page in Google Play, scroll to App signing key certificate. Note the SHA-1 certificate fingerprint.
Create a new OAuth 2.0 client ID using the SHA-1 certificate fingerprint from the previous step.

For more information, see Play App Signing.

(iOS) Keyless authorization doesn't work (`ErrorNotAuthorized`)

Check ARCore API settings

Ensure that the ARCore API is enabled.

Check the service account keyfile

Open the json keyfile used to sign your tokens.

Verify that the project_id field is the same Project ID in Google Cloud.
Verify that the client_email field matches the email address listed in your Service Account.

Check the generated tokens

Obtain a signed token and paste it into a JWT debugger to verify the payload:

Ensure that the aud claim is https://arcore.googleapis.com/.
Ensure that the iss and sub claims are equal to the client_email field in your keyfile, and match the Service Account.
Ensure that the exp timestamp is in the future.

API Key authentication is not working

If API Key authorization is not working, follow these steps:

Ensure that you have enabled the ARCore API for the correct project in Google Cloud.
If you have any API Key restrictions enabled, temporarily disable them.
Ensure that the API Key listed in your project's Credentials exactly matches the API Key used by your app, with no spaces or any other characters.

Troubleshooting problems with ARCore API authorization Stay organized with collections Save and categorize content based on your preferences.