Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Proposal: Pull API key from app.json / share with react-native-maps

See original GitHub issue

Using the API key as a prop presents obvious security issues. The key should be able to be pulled from app.json just as with react-native-maps.

I have a feeling this isn’t something that is easy to do, but as it is currently it presents an issue that controls on the API key associated with things like the bundleIdentifier probably don’t work as expected.

The best solution I can conceive is not making the prop required and using it from a dependency from react-native-maps, since this is required anyway.

I’m going to experiment with this on my own and I believe that as long as MapView (or another component which relies on an API key) is part of your component and wraps MapViewDirections it shouldn’t be necessary to use the key directly.

Obviously, this means a bit of a rewrite on react-native-maps-directions to not request the key, but there must be some way to code around it.

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:6 (5 by maintainers)

github_iconTop GitHub Comments

webraptorcommented, Aug 21, 2020

Decided to comment over here instead of opening a new issue. The idea is that to properly secure the API keys, the API calls should be native, not from JS. With the API calls triggered from JS, one cannot restrict API usage, so if the key is “stolen”, doesn’t matter how, it is compromised.

bramuscommented, May 21, 2019

Thanks for your report and follow-up. I’m closing this issue, as:

  • app.json is something specific to Expo, and not React Native in itself.
  • The MapViewDirections component itself does not store the API key — It only gets it injected at runtime through a prop.

As a user of this component you can decide yourself where you want to store it. Be it in app.json, a config-file using react-native-config, an API call to your own API that you do upfront, etc. Securing those locations falls outside the scope of react-native-maps-directions.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How can I store Google Maps API keys not using app.json?
Store them in a .env file like this GOOGLE_API_KEY=yourKey . Then import to to files as needed with react-native-dotenv package; ...
Read more >
Using API Keys | Maps SDK for Android
This topic describes how to create an API key for the Maps SDK for Android, add it to your app, and secure the...
Read more >
Already used React Native
If you are familiar with React Native, this guide will help you understand the key differences between Expo and React Native.
Read more >
Introduction to React Native Maps
The React Native Maps library makes it easy to build maps into your app and build insights around your users' location data.
Read more >
Integration of Google map in React Native using ...
How to integrate Google Map in React Native using react-native-maps. ... Now to open the google map in the app we have to...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found