问题
This might be a silly question but I need to ask it. I am developing an application where I need to use google maps apis. Now while going through one of the tutorials I found out that in order to use the api, I need to generate a SHA1 fingerprint. The fingerprint can be generated using a simple command line utitlity keytoot. So my question is why do we really require such a fingerprint when anybody and everybody can generate it for free. What is the use of such a fingerprint ?
回答1:
I don't know google policy in particular, but I guess that if you write google application, it need to be verified somehow to avoid cases of malicious code. SHA-1 is one way to do so (each copy of the application may be verified remotely by comparing it's unique SHA-1 to the pre-calculated one.
回答2:
Although you can use a free public access key without any fingerprints, you will have limited usage with most apis. The limits involve what kind of information you can retrieve, since you cannot use public access keys for authorization. There are also limits on quota, public access keys generally have less quota. Using an sha-1 fingerprint allow you to create credentials, which you can then use with google apis to authorize your application, allowing it to retrieve user information. The credentials, being unique, most likely allow google to track and monitor your api usage as well (quota).
来源:https://stackoverflow.com/questions/31634158/what-is-the-use-of-sha-1-fingerprint-while-accessing-google-apis