how to make google endpoints inaccessible from the

Posted 2019-04-16 17:12

I have an Android app that has access to a set of APIs through Google Endpoints. The problem is that the same APIs are accessible from the web through https://your-app-id.appspot.com/_ah/api/explorer, and I don't want this to happen. That is, I want the datastore to be accessible (and modifiable) only from mobile devices. Is there a simple way to do this? I had a look at endpoint authentication and did not completely understand that (I'm still new to all of this...), so I wondered if there was a simpler answer to this (apparently) simple problem.

2 Answers
戒情不戒烟
Reply #2 · 2019-04-16 17:40

There is currently no way to change the fact that your endpoints are publicly visible from the web (etc.).

You can, however, implement authentication to ensure that they are only used by your clients (whether mobile or web). You can authenticate against the Google account on the client device, or you can just authenticate your app.

The documentation for this is here: https://developers.google.com/appengine/docs/java/endpoints/consume_android

There is also some here:
https://developers.google.com/eclipse/docs/endpoints-addauth

Unfortunately, neither is very good, and they focus more on user (vs. app) authentication. So if you have problems I would also suggest you search SO with "[google-app-endpoints]authentication".

叛逆
Reply #3 · 2019-04-16 17:43

In order to restrict access to the API to only apps that you've written you will need to implement authenticated API calls.

The second set of instructions in the README for https://github.com/GoogleCloudPlatform/appengine-endpoints-helloendpoints-android details how to register your app with Google Play Services in order to authenticate your app and users.

https://github.com/GoogleCloudPlatform/appengine-endpoints-helloendpoints-java-maven/blob/master/src/main/java/com/google/devrel/samples/helloendpoints/Greetings.java#L50 shows an authenticated Cloud Endpoints method implementation. If an invocation happens on that method that isn't authenticated, the User object will be null.

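The approach both answers describe, as an added example that is not from the thread or from Google's sample projects: an Endpoints class that accepts tokens only from the listed OAuth client IDs and rejects any call where the injected `User` is null. The API name, package, `Note` class and the two client-ID placeholders are assumptions.

```java
package com.example.notes; // hypothetical package

import com.google.api.server.spi.config.Api;
import com.google.api.server.spi.config.ApiMethod;
import com.google.api.server.spi.response.UnauthorizedException;
import com.google.appengine.api.users.User;
import javax.inject.Named;

@Api(
    name = "notes", // hypothetical API name
    version = "v1",
    // Tokens issued to any other client ID leave the User parameter null.
    // Constant.API_EXPLORER_CLIENT_ID is deliberately not listed, so calls
    // made from /_ah/api/explorer are treated as unauthenticated.
    clientIds = {NotesApi.ANDROID_CLIENT_ID},
    // Android clients request tokens for the web client ID as audience.
    audiences = {NotesApi.WEB_CLIENT_ID},
    scopes = {"https://www.googleapis.com/auth/userinfo.email"})
public class NotesApi {
  // Placeholders: substitute the IDs registered for your own project.
  static final String ANDROID_CLIENT_ID =
      "ANDROID_CLIENT_ID_PLACEHOLDER.apps.googleusercontent.com";
  static final String WEB_CLIENT_ID =
      "WEB_CLIENT_ID_PLACEHOLDER.apps.googleusercontent.com";

  /** Minimal response type (hypothetical). */
  public static class Note {
    public String text;
    public String owner;
  }

  // Declaring a User parameter makes Endpoints validate the caller's token;
  // the framework passes null when the token is missing, invalid, or was
  // issued to a client ID that is not in clientIds.
  @ApiMethod(name = "notes.insert", httpMethod = "post")
  public Note insert(@Named("text") String text, User user)
      throws UnauthorizedException {
    requireUser(user);
    Note note = new Note();
    note.text = text;
    note.owner = user.getEmail(); // record who made the change
    return note;
  }

  /** Fails closed: every method that touches the datastore calls this first. */
  private static void requireUser(User user) throws UnauthorizedException {
    if (user == null) {
      throw new UnauthorizedException("Authenticated client required");
    }
  }
}
```

The API stays listed in the Explorer and in discovery; what changes is that unauthenticated calls and calls from unlisted client IDs are answered with HTTP 401 before any data is read or written.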