If you want to use Google Maps in your Xamarin.Android app, you will need to obtain an API key. It’s easy to generate an API Key, but we will also want to restrict it’s usage, so that only your app can use it. This alleviates the security concern of placing the API Key in your app, and someone taking it for their own use.
Create Google Maps API Key
- Go to the Google Developers Console
- Click Create Project (If you don’t already have one, otherwise it defaults to an existing project). If you have an existing project, but want to create a new one, click the drop down, then the + button.
- Click ENABLE APIS AND SERVICES
- Click Google Maps Android API
- Then click enable
- Click Credentials, in the Menu, then click Create credentials and select API key
This is your API key that you can use in your Android app.
In your AndroidManifest.xml file, inside the application tag, place your API Key.
<application android:label="XamarinMaps.Android" android:icon="@drawable/icon"> <meta-data android:name="com.google.android.maps.v2.API_KEY" android:value="YOUR_API_KEY_HERE" /> </application>
Restrict Key Access
This API Key is now available, but can be used with anyone who has access to it. If you are using it Server side, then the security issues aren’t too great. However, if you need to distribute this with your app, then it is best to restrict this, so only your app can use it.
We first need to generate a fingerprint. This is done via the command or terminal line. And is in this format.
keytool -list -v -keystore [STORE FILENAME] -alias [ALIAS NAME] -storepass [STORE PASSWORD] -keypass [KEY PASSWORD]
For windows, you will find the debug values for your keystore here, and the default path for the Java SDK. You will need to go to this path, in the commandline to run the keytool.
- [STORE FILENAME] = C:\Users\[USERNAME]\AppData\Local\Xamarin\Mono for Android\debug.keystore
- C:\Program Files (x86)\Java\jdk[VERSIONNUMBER]\bin\
For a Mac, they will be as follows.
- [STORE FILENAME] = /Users/[USERNAME]/.local/share/Xamarin/Mono for Android/debug.keystore
The debug values you will also want are
- [ALIAS NAME] = androiddebugkey
- [STORE PASSWORD] = android
- [KEY PASSWORD] = android
Here is an example, for myself in Windows.
C:\Program Files (x86)\Java\jdk1.8.0_112\bin>keytool -list -v -keystore "C:\Users\Adam\AppData\Local\Xamarin\Mono for Android\debug.keystore" -alias androiddebugkey -storepass android -keypass android
The example output, you will get is.
Alias name: androiddebugkey Creation date: 22/06/2017 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate: Owner: CN=Android Debug, O=Android, C=US Issuer: CN=Android Debug, O=Android, C=US Serial number: 6b038328 Valid from: Thu Jun 22 15:28:21 AEST 2017 until: Sat Jun 15 15:28:21 AEST 2047 Certificate fingerprints: MD5: CF:F5:C2:46:91:E9:18:B2:63:12:57:F5:77:3F:ED:32 SHA1: E0:08:06:CD:89:68:BC:A8:81:F7:87:B6:ED:C4:B0:69:BF:01:87:96 SHA256: A2:FA:88:B3:3F:F7:51:93:5F:8F:8F:6F:C5:7C:1E:2A:2A:5F:5A:B6:00:21:B8:2A:7A:1E:6E:FC:D6:4D:26:E5 Signature algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 220.127.116.11 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 28 0D 0F 34 33 28 18 9A 67 A8 B7 88 17 B8 A5 FB (..43(..c....... 0010: B7 FD 14 D6 .... ] ]
What you want is the SHA-1 signature.
Add App Restriction
Now, lets go back to the developer console.
- Edit the API Key.
- Add the fingerprint, and your Xamarin.Android apps package name, and save.
Please note, that this has shown you how to do it, for a debug version. Create a new Fingerprint, against your production Keystore, before you deploy this to the PlayStore.