Using API Keys

This topic describes how to create an API key for the Maps SDK for Android, add it to your app, and secure the app by restricting the key. You must add an API key to any app that uses the SDK.

Before you begin

Before you start using the Maps SDK for Android, you need a project with a billing account and the Maps SDK for Android enabled. To learn more, see Set up in Cloud Console.

Creating API keys

The API key is a unique identifier that authenticates requests associated with your project for usage and billing purposes. You must have at least one API key associated with your project.

To create an API key:

Console

  1. Go to the Google Maps Platform > Credentials page.

    Go to the Credentials page

  2. On the Credentials page, click Create credentials > API key.
    The API key created dialog displays your newly created API key.
  3. Click Close.
    The new API key is listed on the Credentials page under API keys.
    (Remember to restrict the API key before using it in production.)

Cloud SDK

gcloud alpha services api-keys create \
    --project "PROJECT" \
    --display-name "DISPLAY_NAME"

Read more about the Google Cloud SDK , Cloud SDK installation , and the following commands:

Adding the API key to your app

This section describes how to store your API key so that it can be more securely referenced by your app. You should not check your API key into your version control system, so we recommend storing it in the local.properties file, which is located in the root directory of your project. For more information about the local.properties file, see Gradle properties files.

To streamline this task, you can use the Secrets Gradle Plugin for Android.

To install the plugin and store your API key:

  1. In Android Studio, open your root-level build.gradle file and add the following code to the dependencies element under buildscript. 
    buildscript {
    dependencies {
        // ...
        classpath "com.google.android.libraries.mapsplatform.secrets-gradle-plugin:secrets-gradle-plugin:2.0.0"
    }
}
  2. Next, open your app-level build.gradle file and add the following code to the plugins element. 
    id 'com.google.android.libraries.mapsplatform.secrets-gradle-plugin'
  3. Save the file and sync your project with Gradle.
  4. Open the local.properties in your project level directory, and then add the following code. Replace YOUR_API_KEY with your API key. 
    MAPS_API_KEY=YOUR_API_KEY
  5. Save the file and sync your project with Gradle.
  6. In your AndroidManifest.xml file, go to com.google.android.geo.API_KEY and update the android:value attribute as follows: 
    <meta-data
    android:name="com.google.android.geo.API_KEY"
    android:value="${MAPS_API_KEY}" />

Note: As shown above, com.google.android.geo.API_KEY is the recommended metadata name for the API key. A key with this name can be used to authenticate to multiple Google Maps-based APIs on the Android platform, including the Maps SDK for Android. For backwards compatibility, the API also supports the name com.google.android.maps.v2.API_KEY. This legacy name allows authentication to the Android Maps API v2 only. An application can specify only one of the API key metadata names. If both are specified, the API throws an exception.

Restricting API keys

Restricting API keys adds security to your application by ensuring only authorized requests are made with your API key. We strongly recommend that you follow the instructions to set restrictions for your API keys. For more information, see API security best practices.

When you restrict your API key, you must provide the SHA-1 certificate fingerprint of the signing key that was used to sign the application. There are two certificate types:

  • Debug certificate: Only use this certificate type with apps you're testing and other non-production code. Do not attempt to publish an app that's signed with a debug certificate. The Android SDK tools generate this certificate automatically when you run a debug build.
  • Release certificate: Use this certificate when you're ready to release your app to an app store. The Android SDK tools generate this certificate when you run a release build.

For more information about digital certificates, see the Sign your app guide.

For information about getting your certificate fingerprint, see Authenticating Your Client. If you're using Play App Signing; instead, you must go to the app signing page on the Play Console to get your certificate fingerprint.

To restrict an API key:

Console

  1. Go to the Google Maps Platform > Credentials page.

    Go to the Credentials page

  2. Select the API key that you want to set a restriction on. The API key property page appears.
  3. Under Key restrictions, set the following restrictions:
    • Application restrictions:
      1. Select Android apps.
      2. Click + Add package name and fingerprint.
      3. Enter your package name and SHA-1 certificate fingerprint. For example: 
        com.example.android.mapexample
        BB:0D:AC:74:D3:21:E1:43:67:71:9B:62:91:AF:A1:66:6E:44:5D:75
    • API restrictions:
      1. Click Restrict key.
      2. Select Maps SDK for Android from Select APIs dropdown. If the Maps SDK for Android is not listed, you need to enable it.
  4. To finalize your changes, click Save.

Cloud SDK

List existing keys. 

gcloud services api-keys list --project="PROJECT"

Clear existing restrictions on existing key. 

gcloud alpha services api-keys update "projects/PROJECT/keys/KEY_ID" \
    --clear-restrictions

Set new restrictions on existing key. 

gcloud alpha services api-keys update "projects/PROJECT/keys/KEY_ID" \
    --api_target="maps-android-backend.googleapis.com"
    --allowed-application="sha1_fingerprint=SHA1_FINGERPRINT,package_name=ANDROID_PACKAGE_NAME"

Read more about the Google Cloud SDK , Cloud SDK installation , and the following commands: