Using API Keys

Before you begin

Before you start using the Places SDK for Android, you need a project with a billing account and the Places SDK for Android enabled. To learn more, see Set up in Cloud Console.

Creating API keys

The API key is a unique identifier that authenticates requests associated with your project for usage and billing purposes. You must have at least one API key associated with your project.

To create an API key:

Go to the APIs & Services > Credentials page.

Go to the Credentials page
On the Credentials page, click Create credentials > API key.
The API key created dialog displays your newly created API key.
Click Close.
The new API key is listed on the Credentials page under API keys.
(Remember to restrict the API key before using it in production.)

Adding the API key to your app

Add the API key when initializing the Places SDK for Android in your application.

Restricting API keys

Restricting API Keys adds security to your application by ensuring only authorized requests are made with your API Key. We strongly recommend that you follow the instructions to set restrictions for your API Keys. For more information, see API Key best practices.

To restrict an API key:

Go to the APIs & Services > Credentials page.

Go to the Credentials page
Select the API key that you want to set a restriction on. The API key property page appears.
Under Key restrictions, set the following restrictions:

Application restrictions:

Select Android apps.
Click + Add package name and fingerprint.
Enter your package name and SHA-1 certificate fingerprint. For example:
```
com.example.android.mapexample
```
```
BB:0D:AC:74:D3:21:E1:43:67:71:9B:62:91:AF:A1:66:6E:44:5D:75
```
For more information, see Getting a SHA-1 fingerprint.

API restrictions:

Click Restrict key.
Select Places API from Select APIs dropdown.
If the Places API is not listed, you need to enable it.

To finalize your changes, click Save.

Finding your app's certificate information

The API key is based on a short form of your app's digital certificate, known as its SHA-1 fingerprint. To display the SHA-1 fingerprint for your certificate, first ensure that you are using the right certificate. You may have two certificates:

A debug certificate: The Android SDK tools generate this certificate automatically when you do a debug build. Only use this certificate with apps that you're testing. Do not attempt to publish an app that's signed with a debug certificate. The debug certificate is described in more detail in Signing in Debug Mode in the Android Developer Documentation.
A release certificate: The Android SDK tools generate this certificate when you do a release build. You can also generate this certificate using the keytool program. Use this certificate when you are ready to release your app to the world.

Using Gradle

Gradle makes it very easy to get your app's signing info. Simply run ./gradlew signingReport.

The output should look something like this:

Task :app:signingReport

Variant: debug
Config: debug
Store: ~/.android/debug.keystore
Alias: AndroidDebugKey
MD5: 76:4E:BF:C3:59:DA:D3:8F:98:D6:3C:DB:87:A4:5B:E7
SHA1: 99:8E:73:B8:3A:A3:A3:C4:C1:D4:19:08:F6:7E:9E:F6:75:29:4C:B2
SHA-256: 6C:01:12:53:90:94:73:B5:66:D6:07:FF:A5:6F:AB:30:AE:99:20:55:0F:B3:12:22:4C:46:7E:02:3D:7E:6D:1D
Valid until: Friday, June 25, 2049
----------
Variant: release
Config: release
Store: app/keystore.jks
Alias: keystore
MD5: 1E:63:0F:14:67:E0:04:BD:98:4C:EB:2B:09:EF:7E:1E
SHA1: 2C:DF:9F:D1:A3:0D:1E:01:48:34:5D:91:52:0B:D8:8A:5A:07:45:C3
SHA-256: 12:66:CE:4B:90:FD:64:1A:4D:79:9E:78:AD:59:0C:21:D8:53:61:EE:2B:90:E4:67:CE:65:A0:76:04:13:23:89
Valid until: Tuesday, September 29, 2116

Manually

Follow the steps below to display a certificate's SHA-1 fingerprint using the keytool program with the -v parameter. For more information about Keytool, see the Oracle documentation.

Debug certificate

Displaying the debug certificate fingerprint

Locate your debug keystore file. The file name is debug.keystore, and is created the first time you build your project. By default, it is stored in the same directory as your Android Virtual Device (AVD) files:
- macOS and Linux: ~/.android/
- Windows Vista and Windows 7: C:\Users\your_user_name\.android\

List the SHA-1 fingerprint:

For Linux or macOS, open a terminal window and enter the following:

keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android

For Windows Vista and Windows 7, run:

keytool -list -v -keystore "%USERPROFILE%\.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android

You should see output similar to this:

Alias name: androiddebugkey
Creation date: Jan 01, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 4aa9b300
Valid from: Mon Jan 01 08:04:04 UTC 2013 until: Mon Jan 01 18:04:04 PST 2033
Certificate fingerprints:
     MD5:  AE:9F:95:D0:A6:86:89:BC:A8:70:BA:34:FF:6A:AC:F9
     SHA1: BB:0D:AC:74:D3:21:E1:43:07:71:9B:62:90:AF:A1:66:6E:44:5D:75
     Signature algorithm name: SHA1withRSA
     Version: 3

Release certificate

Displaying the release certificate fingerprint

Locate your release certificate keystore file. There is no default location or name for the release keystore. If you don't specify one when you build your app for release, the build will leave your .apk unsigned, and you'll have to sign it before you can publish it. For the release certificate, you also need the certificate's alias and the passwords for the keystore and the certificate. You can list the aliases for all the keys in a keystore by entering:
```
keytool -list -keystore your_keystore_name
```
Replace your_keystore_name with the fully-qualified path and name of the keystore, including the .keystore extension. You'll be prompted for the keystore's password. Then keytool displays all the aliases in the keystore.
Enter the following at a terminal or command prompt:
```
keytool -list -v -keystore your_keystore_name -alias your_alias_name
```
Replace your_keystore_name with the fully-qualified path and name of the keystore, including the .keystore extension. Replace your_alias_name with the alias that you assigned to the certificate when you created it.

You should see output similar to this:

Alias name: <alias_name>
Creation date: Feb 02, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 4cc9b300
Valid from: Mon Feb 02 08:01:04 UTC 2013 until: Mon Feb 02 18:05:04 PST 2033
Certificate fingerprints:
    MD5:  AE:9F:95:D0:A6:86:89:BC:A8:70:BA:34:FF:6B:AC:F9
    SHA1: BB:0D:AC:74:D3:21:E1:43:67:71:9B:62:90:AF:A1:66:6E:44:5D:75
    Signature algorithm name: SHA1withRSA
    Version: 3

The line that begins SHA1 contains the certificate's SHA-1 fingerprint. The fingerprint is the sequence of 20 two-digit hexadecimal numbers separated by colons.

Caution: To protect your keystore and key, don't enter the storepass or keypass arguments on the command line unless you're confident of your computer's security. For example, on a public computer, someone could look at your terminal window history or list of running processes, get the password, and then have write access to your signing certificate. This would allow that person to modify or replace your app with their own.