We were using a GCP API key on multiple platforms (Android, iOS, Web) for Google map, Location search (api/place/autocomplete), static Google Map, etc.
Now I wanted to create a new/separate Key for Android App so I can add appropriate restrictions like package name SHA1 and used APIs.
I've created a new key, Changed it into the App after that map is working fine but Location search API is kept throwing an exception-
This IP, site or mobile application is not authorized to use this API key. Request received from IP address <ip>, with empty referer",
Has anyone faced this issue? Or any clue that how should I debug this?
You cannot make web service requests using an API key that is Android or iOS restricted. Web services are server-side and only work with API keys that are restricted by IP address.
Each of your API keys should be restricted properly based on the API in use.
For web services, use an IP-restricted API key.
For client-side services, use an HTTP referrer-restricted API key.
For Maps and Places SDK for Android or iOS, use an Android/iOS restricted API key.
To learn more on API key restrictions for Google Maps APIs please check out these resources:
https://developers.google.com/maps/faq#keysystem
https://developers.google.com/maps/api-key-best-practices#restrict_apikey
Hope this clarifies your question!