I am integrating the Google Maps Routes API into my Android application, but I keep getting an HTTP 403 Forbidden error when restricting the API key to my package name and SHA-1 fingerprint in Google Cloud Console. However, when I remove the restriction, the API works perfectly.
What I Have Done: Verified SHA-1 Fingerprint & Package Name:
I retrieved the SHA-1 using:
keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android
-Added it to Google Cloud Console under API Credentials → Application Restrictions → Android apps. -Double-checked that my package name is correct.
Enabled Billing & Required APIs:
-Billing is enabled for my project.
-Enabled the following APIs:
-Maps JavaScript API
-Directions API
-Geocoding API
-Routes API
-Tested With & Without Restrictions:
-Without restrictions: The API works, and I can successfully retrieve routes from point A to point B. -With restrictions (SHA-1 + Package Name): I get a 403 Forbidden error. Additional Context: -This is a multi-module Android project (feature modules). Could this be affecting the API key validation? -I have also tried removing and regenerating the SHA-1, but the issue persists. -The API key is correctly included in the AndroidManifest.xml and accessed properly in my project.
Expected Behavior: -When the API key is restricted to my Android package name and SHA-1, it should still work on my device.
Actual Behavior: -With restrictions, I get a 403 Forbidden error, but when I remove the restriction, everything works fine.
Question:
- Why does restricting the API key cause a 403 Forbidden error even when my package name and SHA-1 are correct?
- Could the multi-module project structure be interfering with API key validation?
- Are there any additional steps I might be missing to properly restrict the API key for Google Maps Routes API?
- Would really appreciate any insights. Thanks! 🚀
