Distance calculator - Google API 1

Status
Not open for further replies.

Koen Piller

Programmer
Jun 30, 2005
841
NL
Hi,
The code provided by Mike Gagnon Link now needs a Google API key.
This key is easy to obtain from Google, but how do I implement it in the code?
Regards,
Koen
 
You're asking how to keep this key secret, right?

Read this discussion: The conclusion is you better not embed this directly into a VFP executable. Because in the end Fiddler added as a proxy can record HTTP traffic, even HTTPS.

The solution is to have your own proxy on a domain of your own, in conjunction with using Google's own key management mechanisms to restrict key usage to one domain only, your proxy service domain.

Now the problem only seems to be shifted, as your own domain needs to act as a proxy between your EXE, which means now your domain is becoming the target; anyone could use your key by using your proxy. You have some advantages, even though the communication of your EXE with your proxy can still be eavesdropped on. Your proxy may only support part of the functionality, and using it only gives an attacker the ability to use the rate limit. It already is far less interesting. Besides, as long as you only use what you get free by using a free key, that key is not really valuable for you, Google, or others, as everyone can get free keys.

And aside from that, with your own proxy, the part of the communication between your EXE and your proxy is totally up to you; you can sign every request with one-time keys or do whatever you want that makes eavesdropping on this communication useless. The part of the communication between your proxy and Google is protected by the Google API key restriction, your domain-bound key is useless for others, and you should trust your hoster enough both to protect your server-side code and not use keys deposited there themselves.

Bye, Olaf.




Olaf Doschke Software Engineering
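
An added example (not part of the post above or of the thread's VFP code) of the proxy arrangement it describes: the client signs each request with a timestamp and a one-time nonce, and the proxy verifies the signature and rejects replays before adding the Google key server-side. The shared secret, the key placeholder, the 60-second window and all function names are assumptions; `key` is the query parameter Google's web-service APIs read the key from.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

# Constructed sample values; a real deployment provisions these out of band.
CLIENT_SECRET = b"per-install-secret-constructed"  # shared by EXE and proxy
GOOGLE_API_KEY = "PLACEHOLDER_API_KEY"              # stored only on the proxy
MAX_SKEW = 60                                       # seconds a request stays valid
_seen_nonces = {}                                   # nonce -> expiry time


def sign_request(params, secret, now=None):
    """Client side: attach a timestamp, a one-time nonce and an HMAC tag."""
    signed = dict(params, ts=str(int(now if now is not None else time.time())),
                  nonce=secrets.token_hex(16))
    msg = urlencode(sorted(signed.items())).encode()
    signed["sig"] = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return signed


def verify_request(signed, secret, now=None):
    """Proxy side: return the original params, or raise ValueError."""
    now = now if now is not None else time.time()
    fields = dict(signed)
    sig = fields.pop("sig", "")
    msg = urlencode(sorted(fields.items())).encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    if abs(now - int(fields["ts"])) > MAX_SKEW:
        raise ValueError("stale request")
    # Drop expired nonces, then refuse any nonce already used (replay).
    for n in [n for n, exp in _seen_nonces.items() if exp < now]:
        del _seen_nonces[n]
    if fields["nonce"] in _seen_nonces:
        raise ValueError("replayed request")
    _seen_nonces[fields["nonce"]] = now + MAX_SKEW
    return {k: v for k, v in fields.items() if k not in ("ts", "nonce")}


def upstream_url(params):
    """Proxy side: only here is the API key added, never in client traffic."""
    query = urlencode(dict(params, units="metric", key=GOOGLE_API_KEY))
    return "https://maps.googleapis.com/maps/api/directions/xml?" + query
```

A request recorded by an intercepting proxy such as Fiddler contains only the route parameters, timestamp, nonce and signature, and the same capture is rejected if it is sent again.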
 
Hi Olaf,
No, I was not asking to keep this KEY secret; I was asking how to implant the KEY into the code.
Code:
lcFullURL = "http://maps.googleapis.com/maps/api/directions/xml?" + m.lcRouteParameters + ;
"&units=metric&sensor=false" &&+ m.tlShowRouteDetails
If I simply replace the directory api in this URL with my KEY - error
For your info I am implanting this into an application which I constructed for my own private use, no way to send it to others.
Regards,
Koen
 