In order to leverage Google Static Maps in power apps an Google API key needs to be used. Does anyone know how to apply apropraite key resrictions to prevent missuse of API key outside of Power Apps? Resricting to within particular power apps is event better. Here are the options I see in the Console:
This key is unrestricted. To prevent unauthorized use and quota theft, restrict your key.
Key restriction lets you specify which web sites, IP addresses, or apps can use this key.Learn more
Restrict usage to your Android apps (Optional)
Add your package name and SHA-1 signing-certificate fingerprint to restrict usage to your Android apps
Get the package name from your AndroidManifest.xml file. Then use the following command to get the fingerprint:
More iOS Details
Accept requests from an iOS application with one of these bundle identifiers (Optional)
Please take a look at the blog below for how to work with the BingMap API or Google Map API within PowerApps:
Here within PowerApps, the API key is used together with the Map URL, if you would like user to only use this API, then you may just hardcode the API key within the URL, without providing the Key Input text.
By doing this, the key can only be be used within the App.
FOr the Google Map API, under the image property of image control, enter:
"https://maps.googleapis.com/maps/api/staticmap?center=" & EncodeUrl(txtLocation.Text) & "&size=" & txtImageWidth & "x" & txtImageHeight & "&key=XXXXXXXXXXXX"
Just replace 'XXXXXXXXXX' with the API key.
That document was incredibly helpful when I origionally got started on Static Maps. As a developer who maintains those API keys I am concerned about the security of imbeding the API key in the power app. That is the core of my question. I have temporarily setup the API as unrsericted and it is working in my app.
Anyone that opens the app in the browser can pretty easily steal the API key by right clicking the image and inspecting the URL in a browser or loading a simulator for the iOS or Android app. Idealy I'd like to resrict it by app ID or website as the origionating source. As Power Apps is a container app for many diffrent apps I don't see how that can be done without leaving the API open to anyone else's power apps. Hoping someone can give me direction.