To use the Maps SDK for Android you must have an API key. The API key is a unique identifier that is used to authenticate requests associated with your project for usage and billing purposes.
Get the API key
You must have at least one API key associated with your project.
To get an API key:
- Visit the Google Cloud Platform Console.
- Click the project drop-down and select or create the project for which you want to add an API key.
-
Click the menu button
and select APIs & Services > Credentials.
-
On the Credentials page, click Create credentials > API key.
The API key created dialog displays your newly created API key. -
Click Close.
The new API key is listed on the Credentials page under API keys.
(Remember to restrict the API key before using it in production.)
Add the API key to your app
Follow the steps below to include the API key in your application's manifest,
contained in the file AndroidManifest.xml
.
- In
AndroidManifest.xml
, add the following element as a child of the<application>
element, by inserting it just before the closing</application>
tag:<meta-data android:name="com.google.android.geo.API_KEY" android:value="YOUR_API_KEY"/>
In the
value
attribute, replace YOUR_API_KEY with your API key (the encrypted string). This element sets the keycom.google.android.geo.API_KEY
to the value of your API key. - Save
AndroidManifest.xml
and re-build your application.
Note: As shown above,
com.google.android.geo.API_KEY
is the recommended metadata name
for the API key. A key with this name can be used to authenticate to multiple
Google Maps-based APIs on the Android platform, including the
Maps SDK for Android. For backwards compatibility, the API also
supports the name com.google.android.maps.v2.API_KEY
. This legacy
name allows authentication to the Android Maps API v2 only. An application can
specify only one of the API key metadata names. If both are specified, the API
throws an exception.
Restrict the API key
We strongly recommend that you restrict your API key. Restrictions provide added security and help ensure only authorized requests are made with your API key. There are two restrictions. You should set both:
- Application restriction: Limits usage of the API key to either websites
(HTTP referrers), web servers (IP addresses), or mobile apps (Android apps or iOS apps). You can
select only one restriction from this category, based on the platform of the API or SDK
(see GMP APIs by Platform).
Note: If you need to call web, web service, and/or mobile APIs from the same (client-side) app, create and restrict multiple keys.
- API restriction: Limits usage of the API key to one or more APIs or SDKs. Requests to an API or SDK associated with the API key will be processed. Requests to an API or SDK not associated with the API key will fail. (The API or SDK must be enabled and must support the application restriction.)
To restrict an API key:
- Go to the Google Cloud Platform Console.
- Click the project drop-down and select the project that contains the API key you want to secure.
-
Click the menu button
and select APIs & Services > Credentials.
- On the Credentials page, click the name of the API key that you want to secure.
-
On the Restrict and rename API key page, set the restrictions:
- Application restrictions
- Select Android apps and follow the instructions.
- Click + Add package name and fingerprint.
- Enter your package name and SHA-1 certificate fingerprint. For example:
com.example.android.mapexample
BB:0D:AC:74:D3:21:E1:43:67:71:9B:62:91:AF:A1:66:6E:44:5D:75
(For more information, see Where to get your app’s SHA-1 fingerprint). - API restrictions
- Select Restrict key.
- Click Select APIs and select Maps SDK for Android.
(If the Maps SDK for Android is not listed, you need to enable it.) - Click SAVE.
Premium Plan customers
Follow these steps to get an API key and add restrictions:
- Go to the Google Cloud Platform Console.
- Click the project drop-down and select the project created for you when you purchased the Google Maps Platform Premium Plan. The project name starts with Google Maps APIs for Business or Google Maps for Work or Google Maps.
-
Click the menu button
and select APIs & Services > Credentials.
-
On the Credentials page, click Create credentials > API key.
The API key created dialog displays your newly created API key. -
Click Close.
The new API key is listed on the Credentials page under API keys.
(To continue, see Add the API key to your app and Restrict the API key.)
Where to get your app's SHA-1 fingerprint
The Android API key restriction is based on a short form of your app's digital certificate, known as its SHA-1 fingerprint.
Getting the certification information from Android Studio
If you follow the getting
started guide for the Maps SDK for Android, Android Studio creates a handy
google_maps_api.xml
file with your app's credentials.
Choose one of the following ways to get your API key from Android Studio:
- The fast, easy way: Use the link provided in the
google_maps_api.xml
file that Android Studio created for you:- Copy the link provided in the
google_maps_api.xml
file and paste it into your browser. The link takes you to the Google Cloud Platform Console and supplies the required information to the Google Cloud Platform Console via URL parameters, thus reducing the manual input required from you. - Follow the instructions to create a new project on the Google Cloud Platform Console or select an existing project.
- Create an Android-restricted API key for your project.
- Copy the resulting API key, go back to Android Studio, and paste the
API key into the <string> element in the
google_maps_api.xml
file.
- Copy the link provided in the
- A slightly less fast way: Use the credentials provided
in the
google_maps_api.xml
file that Android Studio created for you:- Copy the credentials provided in the
google_maps_api.xml
file. - Go to the Google Cloud Platform Console in your browser.
- Use the copied credentials to add your app to an existing API key or to create a new API key.
- Copy the credentials provided in the
Getting the certificate information yourself
If you didn't follow the getting started guide when creating your app, you need to get the SHA-1 fingerprint for your certificate yourself. First ensure that you are using the right certificate. You may have two certificates:
- A debug certificate: The Android SDK tools generate this certificate automatically when you do a debug build. Only use this certificate with apps that you're testing. Do not attempt to publish an app that's signed with a debug certificate. The debug certificate is described in more detail in Signing in Debug Mode in the Android Developer Documentation.
- A release certificate: The Android SDK tools generate
this certificate when you do a release build. You can also generate this
certificate using the
keytool
program. Use this certificate when you are ready to release your app to the world.
Follow the steps below to display a certificate's SHA-1 fingerprint using
the keytool
program with the -v
parameter. For more
information about Keytool, see the
Oracle documentation.
Displaying the debug certificate fingerprint
Locate your debug keystore file. The file name is
debug.keystore
, and is created the first time you build your
project. By default, it is stored in the same directory as your Android
Virtual Device (AVD) files:
- macOS and Linux:
~/.android/
- Windows Vista and Windows 7:
C:\Users\your_user_name\.android\
List the SHA-1 fingerprint:
For Linux or macOS, open a terminal window and enter the following:
keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android
For Windows Vista and Windows 7, run:
keytool -list -v -keystore "%USERPROFILE%\.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android
Locate your debug keystore file. The file name is
debug.keystore
, and is created the first time you build your
project. By default, it is stored in the same directory as your Android
Virtual Device (AVD) files:
- macOS and Linux:
~/.android/
- Windows Vista and Windows 7:
C:\Users\your_user_name\.android\
List the SHA-1 fingerprint:
For Linux or macOS, open a terminal window and enter the following:
keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android
For Windows Vista and Windows 7, run:
keytool -list -v -keystore "%USERPROFILE%\.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android
You should see output similar to this:
Alias name: androiddebugkey Creation date: Jan 01, 2013 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=Android Debug, O=Android, C=US Issuer: CN=Android Debug, O=Android, C=US Serial number: 4aa9b300 Valid from: Mon Jan 01 08:04:04 UTC 2013 until: Mon Jan 01 18:04:04 PST 2033 Certificate fingerprints: MD5: AE:9F:95:D0:A6:86:89:BC:A8:70:BA:34:FF:6A:AC:F9 SHA1: BB:0D:AC:74:D3:21:E1:43:07:71:9B:62:90:AF:A1:66:6E:44:5D:75 Signature algorithm name: SHA1withRSA Version: 3
Displaying the release certificate fingerprint
-
Locate your release certificate keystore file. There is no default
location or name for the release keystore. If you don't specify one when
you build your app for release, the build will leave your
.apk
unsigned, and you'll have to sign it before you can
publish it. For the release certificate, you also need the certificate's
alias and the passwords for the keystore and the certificate. You can list
the aliases for all the keys in a keystore by entering:
keytool -list -keystore your_keystore_name
Replace your_keystore_name
with the fully-qualified
path and name of the keystore, including the .keystore
extension. You'll be prompted for the keystore's password. Then
keytool
displays all the aliases in the keystore.
-
Enter the following at a terminal or command prompt:
keytool -list -v -keystore your_keystore_name -alias your_alias_name
Replace your_keystore_name
with the fully-qualified
path and name of the keystore, including the .keystore
extension. Replace your_alias_name
with the alias that
you assigned to the certificate when you created it.
Locate your release certificate keystore file. There is no default
location or name for the release keystore. If you don't specify one when
you build your app for release, the build will leave your
.apk
unsigned, and you'll have to sign it before you can
publish it. For the release certificate, you also need the certificate's
alias and the passwords for the keystore and the certificate. You can list
the aliases for all the keys in a keystore by entering:
keytool -list -keystore your_keystore_name
Replace your_keystore_name
with the fully-qualified
path and name of the keystore, including the .keystore
extension. You'll be prompted for the keystore's password. Then
keytool
displays all the aliases in the keystore.
Enter the following at a terminal or command prompt:
keytool -list -v -keystore your_keystore_name -alias your_alias_name
Replace your_keystore_name
with the fully-qualified
path and name of the keystore, including the .keystore
extension. Replace your_alias_name
with the alias that
you assigned to the certificate when you created it.
You should see output similar to this:
Alias name: <alias_name> Creation date: Feb 02, 2013 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=Android Debug, O=Android, C=US Issuer: CN=Android Debug, O=Android, C=US Serial number: 4cc9b300 Valid from: Mon Feb 02 08:01:04 UTC 2013 until: Mon Feb 02 18:05:04 PST 2033 Certificate fingerprints: MD5: AE:9F:95:D0:A6:86:89:BC:A8:70:BA:34:FF:6B:AC:F9 SHA1: BB:0D:AC:74:D3:21:E1:43:67:71:9B:62:90:AF:A1:66:6E:44:5D:75 Signature algorithm name: SHA1withRSA Version: 3
The line that begins with SHA1
contains the certificate's SHA-1
fingerprint. The fingerprint is the sequence of 20 two-digit hexadecimal
numbers separated by colons.
Refer to the Android guide to signing your applications for further information about digital certificates.