Hi all,
Google API recommends restricting API key access to prevent abuse.
For Android apps, it requires the package ID and the SHA-1 fingerprint.
I was able to retrieve the SHA-1 fingerprint from my keystore. However, when I apply restrictions, all API requests are blocked (FIS_AUTH_ERROR in Firebase).
If I remove the restrictions, the APKs work again.
This makes me think that builds use a different SHA-1 fingerprint—or maybe they aren’t signed with my keystore.
Can anyone confirm this?
There some difference between release and debug APK?
And if that’s the case, what’s the correct way to configure the API key while keeping it secure?
Thanks in advance,
D.