Google Maps Elevation API android studio

Question

I am creating an android app to record a user's activity using Google Maps SDK and the Google Play Services Location API. I am attempting to retrieve the user's elevation based on a given latitude and longitude. I originally used Location#getAltitude() but then realised that does not give the elevation above sea level.

I proceeded to use the open elevation API using the following query string:

String url = "https://api.open-elevation.com/api/v1/lookup?locations=" + latLng.latitude + "," + latLng.longitude;

However, that API appears to be much too slow in generating a response. I then found the Google Maps Elevation API which we can make a request using a URL also. However, we need to pass an API key and I do not want to pass this API key in the URL string and end up committing it to the remote repository.

In this repo (https://github.com/googlemaps/google-maps-services-java) I found the class: /src/main/java/com/google/maps/ElevationApi.java which I thought I could use to avoid messing around with http requests.

In my gradle, I included this dependency:

implementation 'com.google.maps:google-maps-services:0.18.0'

At the moment, the code to retrieve the elevation is as follows:

ElevationApi.getByPoint(new GeoApiContext.Builder().apiKey(API_KEY).build(), latLng)
            .setCallback(new PendingResult.Callback<ElevationResult>() {
                @Override
                public void onResult(ElevationResult result) {
                    consumer.doAction(result.elevation);
                }

                @Override
                public void onFailure(Throwable e) {
                    e.printStackTrace();
                }
            });

What do I pass in for API_KEY here since I don't want to commit it to the repository? I have an api key defined in local.properties for maps, however, like so:

MAPS_API_KEY=<API_KEY_HERE>

Basically, my question is, can I define an API key in a properties file that is not committed to GitHub and then reference it in the code?

Thanks for any help.

Update: I have managed to read the API key from local.properties using gradle but got an exception from the ElevationApi saying API 21+ expected, but was 30...strange. So I went back to the open-elevation API with the following Volley request:

/**
 * Calculates elevation gain for the provided recording service
 * @param recordingService the recording service to calculate elevation gain for
 * @param response the handler to consume the elevation gain with
 */
public static void calculateElevationGain(RecordingService recordingService, ActionHandlerConsumer<Double> response) {
    ArrayList<Location> locations = recordingService.getLocations();
    JSONArray array = constructLocations(locations);

    try {
        if (array != null) {
            RequestQueue requestQueue = Volley.newRequestQueue(recordingService);
            String url = "https://api.open-elevation.com/api/v1/lookup";
            JSONObject requestHeader = new JSONObject(); // TODO this seems very slow
            requestHeader.put("locations", array);
            JsonObjectRequest request = new JsonObjectRequest(Request.Method.POST, url, requestHeader,
                    response1 -> handleSuccessfulResponse(response1, response), RecordingUtils::handleErrorResponse);
            request.setRetryPolicy(new DefaultRetryPolicy(500000, DefaultRetryPolicy.DEFAULT_MAX_RETRIES, DefaultRetryPolicy.DEFAULT_BACKOFF_MULT));
            requestQueue.add(request);
        }
    } catch (JSONException ex) {
        ex.printStackTrace();
    }
}

I had to set the timeout to a high number not sure how hight it should be because I was getting Volley timeout errors due to the slow response times.

Are there any other ways I can retrieve elevation about sea level?

Answer 1

I advise a different direction: stay with the Google and the API key, but employ best practices regarding secrets and source repositories. Since you are dealing with an Android app and not a webapp your key can be somewhat safe inside your app binary (versus a key in a web deployed app is exposed).

Bets practices:

1. Do not commit the API key. The best to achieve this is to exclude the file which contains the key from the source control repo. That can simply be done with .gitignore. For example this Codelab has a file with the secret, but it has a dummy value and normally this file should be excluded from the source. It is only there because that is an educational code lab.
2. As a security measure take advantage of GitGuardian to scan your repos in case you'd accidentally push an API key. In such events you'd get a notification. As for me I forked that Geospatial API codelab and saw the key file was in the gitignore and I accidentally pushed a key.
3. In case you accidentally push a key in a commit it's not enough to reverse the commit and delete the file! Scavenger bots will still find the information in your git history. Rather immediately disable the key and generate another one.
4. If you are dealing with a webapp you can restrict the API key usage to your webapp's domain. Similarly you can restrict the key to specific Android app signatures (don't forget to add your developer environment's signature) too. This guarantees that even if someone steals the key they probably won't be able to use it.

Answer 2

Yeah, open-elevation.com has intermittent issues with timeouts and latency.

There are some alternatives listed on this GIS stack exchange question Seeking alternative to Google Maps Elevation API. I'm the developer of Open Topo Data which is the most-voted answer over there. You can host your own server with docker, and I also have a free public API which has pretty good latency and uptime.

There's also GPXZ as an alternative to the Google Elevation API with higher-quality data, but it requires an API key so would have the same issue as with Google Maps.