我在我的Andr​​oid库项目中使用谷歌Places.GEO_DATA_API。我的Andr​​oid库项目都有它自己的UI，并允许父应用的用户完成某些动作。我遇到以下方面问题，使用第三方API这样的合并时，我的Andr​​oid SDK到一个Android应用程序。

I am using the Google Places.GEO_DATA_API in my Android Library Project. My Android Library Project comes with its own UI and allows users of the parent app to complete a certain action. I am running into following issues with respect to merging my Android SDK into a Android application when using third party API like this.

这些问题的假设，我的库项目和App的集成我的库项目使用相同的API，例如谷歌Places.GEO_DATA_API既

These Issues assume, that my library project and the App that Integrates my library project are both using same API for instance Google Places.GEO_DATA_API

问题1：清单合并冲突如果父应用程序也在使用相同的API

Issue 1: Manifest merge conflicts if parent app is also using the same API

根据该文件，我应该列明根据应用标记我的清单文件的API密钥作为

According to the documentation, I should specify the API key in my manifest file under application tag as

<meta-data
android:name="com.google.android.geo.API_KEY"
android:value="our_key"/> 

我能够通过移动API名称和值的build.gradle档案，并在清单文件的引用来解决这个问题。

I was able to resolve this issue by moving the api name and value to build.gradle file and having a reference in manifest file

<meta-data android:name="@string/google_api_name"  
 android:value="@string/google_api_key" />                                         

问题2：上面的修复只是避免了在编译时间，但家长的应用程序仍然可以滥用我的钥匙，并用它来创建自己的谷歌的情况下，他们在自己的应用程序进行调用冲突API客户端，并呼吁商家信息自动填充API。我测试了这一点，并调用去。

Issue 2: The above fix just avoids the conflict at compile time but the Parent app can still abuse my key and use it for the calls they make in their app by creating their own instance of Google API Client and calling the Places Autocomplete API. I tested this and the calls go through.

我尝试添加包名称和指纹谷歌API控制台限制使用。这有助于当我试图让从父应用程序的API调用，但由于我的图书馆是父应用程序中集成的，我假设谷歌认为，呼叫从父应用程序（包），而不是我的包来了，它会阻止来电我的图书馆的。

I tried adding package name and fingerprint to Google API Console to restrict usage. This helped when I tried to make the API call from parent app but since my library is integrated within the Parent app, I am assuming Google thinks that the call is coming from Parent app (package) and not my package, and it blocks the calls made by my library.

由于谷歌API客户端生成器不能够通过API密钥作为参数，唯一的近期解决方案是不使用的API。能否请somoene建议对这个问题的解决方案。

Since the Google API Client builder does not allows to pass the API key as a parameter, The only near term solution is to not use the API. Can somoene please suggest a solution for this problem.

推荐答案

您不应该包括在库中的凭据。这应该是家长的应用程序的责任。如果保留＆LT;元数据... /＆GT; 标记那么它将与父应用程序合并。同样的，在琴弦您的APK键。如此以来，你的库包含字符串 google_api_key 资源合并也将使字符串 google_api_key 提供给父应用程序。

You should not include the credentials in your library. That should be the responsibility of the parent app. If you keep the <meta-data .../> tag then it will be merged with the parent app. Same with your APK key in the strings. So since your library contains the string google_api_key the resource merger will also make the string google_api_key available to the parent app.

您唯一的解决办法是迫使父应用在他们的的Andr​​oidManifest.xml 不是图书馆。