I need to develop a database project with APEX and Google map service. I notice there is limit for Google map service.
I would assume if I write javascript code in APEX and send request to Google such as loading a map, the request is sent from client browser directly to Google map server, not from my database server to Google map server, so my application won't break the service limit. Is this assumption correct?
It doesn't matter where the request is originating from - each request contains the API key which identifies your application(might have changed since the last time I took a look). So be it coming from the Database service or the js-client - it doesn't matter.
Your app will break the service limit, the moment it crosses over the quota.
I wouldn't bother coding this as there Is a google map plugin available for 4.1. Apex-plugins.com
Related
I'm currently using the Google Distance MatriX API on in a server-side application as:
https://maps.googleapis.com/maps/api/distancematrix/json?units=imperial&origins=STARTING_ADDRESS&destinations=DESTINATION_ADDRESS&key=MY_GOOGLE_API_KEY, which returns some JSON which is then consumed on the server.
I received an email from Google saying that they will be switching to OAuth2, but I'm not sure if they were referring to server applications or only client-side applications.
Does anybody know what they're actually doing, and if the above call will stop working eventually?
I want to use from my android/ios app the autocomplete api. For this I need to call url like:
https://maps.googleapis.com/maps/api/place/autocomplete/json?input=paris&key=<myapikey>
the problem is: What can make that someone else will not extract from my app my api key and use it for his own purpose ? It's important because at the end it's me who will be billed by google for the usage ...
Your intention is to call a Places API web service. Google Maps web services support only IP address restrictions.
You can check what type of restriction is supported by each API on the following page:
https://developers.google.com/maps/faq#keysystem
In order to protect an API key that is used with your sample request you should create an intermediate server and send your requests from this server. So your application should send request to intermediate server, intermediate server should send Places autocomplete request with protected API key to Google and pass response back to your app. In this case you can use an IP address of your intermediate server to protect unauthorized access with your API key.
I hope this helps!
What if you create and intermediate server and create a token for each single user, and also create a monitoring service which block suspicious behavior?
for example, a normal user would request x times/per day || hour || ...
Or
when a user runs application for the first time, application receives the [encrypted api + decryption key] and store them to a safe place like keychain(for iOS)
As I know, if you request directly to google-map-api there is always a way to sniffing packets.
My website makes use of Google Maps API. I recently received an email from Google that says that I should switch from a Browser Key to a Server Key in order to continue using the API past 2 Dec 2015.
So if I am not mistaken all I have to do is request a Server Key in the Google Console and put it in place of my Bowser Key? is that simple?
Here is part of the email:
Yesterday, we announced a pay-as-you-go option for seven of the Google
Maps API Web Services for free, external, publicly available websites
and mobile implementations. As part of this launch, we are tightening
security around how developers identify their usage of the APIs. You
are receiving this email because you may be affected by this change.
Starting today we have deprecated usage of 'Keys for browser
applications' or 'Browser keys’ with the Google Maps API Web Services.
Developers should instead use ‘Server keys’ with these services. Any
newly created browser keys will not work, but existing browser keys
will continue to work for 90 days starting today. On 2nd December
2015, we will be completely disabling usage of browser keys to access
Google Maps API Web Services, at which point any requests to Google
Maps Web Services APIs using such keys will begin to fail.
Currently, in my HTML I have the following that loads the Google Maps API:
<script scr="https://maps.googleapis.com/maps/api/js?v=3&signed_in=false&key=MY_BROWSER_API_KEY&sensor=false"></script>
In another page in the same website, I use the YouTube Data API in the server side to which I feed the SERVER_KEY I obtained from Google Console.
The code looks like:
require_once 'google-api-php-client/src/Google/autoload.php';
$client = new Google_Client();
$client->setDeveloperKey(GOOGLE_API_SERVER_KEY);
$youtube = new Google_Service_YouTube($client);
Yes, all you have to do is change out the key. There are complications with white lists, that may or may not affect people. The white lists between server and web keys need to be merged. This is a problem if the server does not send outgoing communications with the same ip address everytime. For example, for my company, our set up is a group of instances that get dynamically assigned ips from a public pool. In our case we are going to add an extra network interface.
So a better answer to your question is depending on whether you only use the key in a public webpage, or if you use it on a server. If you use the key on a server, and the key is connected to a paid google account for a specific map api service, then you will have to figure out the outgoing ip address(es) and add each one to the list.
A lot of people, particularly on shared hosting accounts have not white listed the server ip as until now, as it could be hidden and the risks of people pirating the key were minimal. But now, in the next 90 days, a lot of private server keys are going to be publicly exposed when people also have to put the key in their html. This will probably mean that there will be a mini migration from shared hosting to more controlled environments, in my opinion.
I have a question about Push Notifications. As far as I know, when the App starts, it checks if exists a push channel and, if not, it creates a new channel. Also there is an event which starts when the uri is changed. And this Uri gets expired after 30 days.
But what I would like to know is: I want to send these notifications even if the user does not have the app running (let's suppose for a long time, more than 30 days).
Is posible to detect the Uri changed if the App is not running?
Could I force somehow device uri update?
EDIT:
I have read this information:
Each time your app starts, you should pass the URI from your push
channel to the cloud service that sends out the push notifications. It
is also recommended that you pass the device ID to your cloud service
so that the cloud service can track to which devices the URIs are
assigned. If a URI changes, then the cloud service can replace the old
URI for that device ID. Windows Phone does not provide a framework to
do this, since in most scenarios apps and cloud services already have
their own protocols that they use to communicate with each other.
From here
According to the text, my cloud service could send the new URI to the device, instead of updating the uri from the client? If so, do you know how could I do this?
I'm building out an API and have a question about how to track/know which domains use the call after the KML gets picked up by Google's servers for rendering.
So, for example, my domain that is serving up the KML file is called kml.example.com from a PHP API. Someone on the domain www.metromapper.org builds a page that creates a Google map and then calls my file using Ajax to overlay my data on their map. Google grabs that KML file, then serves it back to the user.
Here is that example in action: http://www.metromapper.org/example/apitest.htm
(Click the center map marker to see a popup of all the PHP server variables available to the kml.example.com script.)
Since Google is grabbing it, I can't use the PHP variables REMOTE_HOST or REMOTE_ADDR to get the metromapper.org site info. They only tell me Google's IPs.
So is there some other way to get this data? Does Google happen to return it in the header somewhere? Any ideas on how to track or pass the originating remote host name around so I can get it when the call is made? Thanks, I realize this might not be solvable.
FYI, I posted this question too, but it was before I knew it was Google's IP in the REMOTE_HOST.
You could construct your KML URL like so:
var layer = new KMLLayer("http://yoursite.com?caller=" + window.location.host);
Your server will then get passed the hostname of the current page as a CGI parameter, which it can record.
Note that this has implications for caching—every site which embeds your KML file will append a different caller parameter, so Google will not be able to share cached copies of the KML between multiple sites. This may impact performance.
A better strategy may be to make an AJAX call to your domain each time someone loads the KML file, e.g.:
var layer = new KmlLayer("nice_cachable_url");
LogQuery(layer, window.location.host);
LogQuery would use AJAX or a similar technique to send the KML Layer ID and current host name to your server. Your server can then track this.
It looks like this is not possible FYI. There is no way to pass a chunk of data like this to Google's API and get it back in the data all.