Thank you for your answers. Here is the thread where I read about google accounts restrictions: http://stackoverflow.com/questions/19786339/google-cloud-endpoints-limitations-any-proposed-solutions
Anyway, Les Vogel confirmed that users have to get a Google account to use the OAuth authentification (which is a shame in my opinion...). Hopefully your solutions are not too hard to implement Les Vogel, I don't have that much experience in web applications. Le dimanche 14 décembre 2014 20:26:24 UTC+1, Chad Vincent a écrit : > > 1) If your signing key is compromised, then someone with that information > would be able to make calls by spoofing the client signature from your app. > > 2) Based on the documentation, it looks like no, but without knowing what > was said in the SO thread, I wouldn't put money on it one way or the other. > > On Sunday, December 14, 2014 10:27:51 AM UTC-6, Gannicus wrote: >> >> Hello, >> >> I am using Cloud Endpoints with Java to create my API and I would like to >> be used only by my android client application. >> I read the Google documentation and it seems like I have to generate an >> ID thanks to the SHA1 fingerprint. >> >> However I would like to have a confirmation on this: >> >> 1) Does it really restrict API calls to my android client only? I don't >> want any possibility to call it thanks to a REST client, a browser or >> something like that. >> >> 2) Some part I didn't understand -I read something about it on Stack >> Overflow- : do the users have to own a google account to use my android >> client then? >> >> Thank you. >> > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
