Hi!
I am trying to restrict my customers Google API Key to their Outsystems iOS Application (Native), but I'm struggling.
My key restrictions looks like this:
..Where the bundle identifier of the application is fetched from Service Studio.
When I'm not setting any Application restrictions, everything works fine. However, as soon as I try to restrict it, I get the following error in the javascript console:
Clearly, there is something wrong with the way I'm setting the Application restrictions.
My question is:
Do access for Outsystems Applications need to be specified in a certain matter, other than the way I'm attempting to do it now?
PS: I have also attempted to restrict access to my application using "HTTP referrers", but have not had any success. Then again, I am not entirely sure about what URL to enter in this case (Having in mind that the application is running Native).
All answers are highly appreciated!
The problem has now been solved!
You have to set the Application restrictions as HTTP referrers where the native application is referred to in the following format: "outsystems://<environment>.outsystemsenterprise.com/<ApplicationName>/*"
Glad you found it, Martin!
Thanks for sharing it, it might come useful for other people facing the same issue.
Hi Martin,
I think you're facing that problem because OutSystems Maps uses the JavaScript API in Reactive Apps and Mobile Apps.
To get the iOS restriction to work, the OutSystems Maps would need to be working with the native SDKs instead of the JS API.
With that said, I think you're left only with the HTTP Referrers option, by providing the URL serving your mobile app (example: https://<YOURSERVER>.outsystemsenterprise.com/MyMobileAppName).
Let us know if this 'solves' your issue.
Cheers,Miguel
Thank you Miguel for your response!
Unfortunately, the HTTP Referrers option only grants access to the application when being testetd in the browser. When running the application Native, I get errors.
Best
Martin
Have you tried with wildcards? Something like *.example.com/* ?
Can you share a screenshot with the configurations (omitting any confidential information)? Maybe we can spot something there.
To me it seems like the wildcard at the start of the URL does not work. I have not gotten it to work at least. Also, from what I have read online, the "http://" prefix is required when specifying the HTTP referrers:
Here is a screenshot of my google console:
I just did a quick test in my personal environment and with Android.
If I set the restrictions to something like: (https://aaaa.outsystemscloud.com/*)
I get the map blocked in both (Android and Web):
Android
Web
But, If I set the restriction to https://*.outsystemscloud.com/* I'm able to load again the map.
restriction
So I wonder if configurations are different for iOS or if there's something wrong in your configs. Can you please double-check your configs and try to test it with something similar to the ones I posted?
Thank you again Miguel for your response!
Unfortunately, the following HTTP referrer does not seem to do the trick:
When testing the application as a pwa in the browser, I get the following error:
It does not work in the Native app either.
The configs you are asking me to double check, do you mean the ones I shared in the screenshot above? Or do you mean something else?
The ones in the screenshot.
Can you test without the app name in the URL?
Like this: https://*.outsystemsenterprise.com/*
Also, make sure when you test in the browser to do a cache invalidation refresh (on Windows CTRL+Shift+R, CMD+Shift+R on Mac). And also, don't forget to Save the API configurations when adding/removing/editing the restrictions. I know you might know this, but I'm just trying to make sure that we don't miss anything here :)
Setting "https://*.outsystemsenterprise.com/* " grants access to the pwa/browser version of the app, but not for the Native iOS one I'm afraid. I still get the "Something went wrong" message.
First I thought this answer was wrong because the outsystems:// urls didn't work for us at all.
After some trial and error this is our conclusion:
- Android is restricted by the https:// url
- iOS is restricted by the outsystems:// url
So you need 2 urls in your restrictions if you support both operating systems.
Can anyone confirm this?