요청 섹션에서 사용자당 분당 요청 할당량을 앱에 적합하도록 설정합니다. 예를 들어 앱에서 텍스트를 가져오기 위해 문서의 사진을 업로드하는 경우 사용자가 몇 초마다 두 번 이상 실행할 가능성은 낮으므로 할당량을 30~40으로 설정하면 안전할 것입니다.
여기에서 '사용자별 요청'은 단일 IP 주소의 요청을 나타냅니다. NAT를 사용하는 상태에서 여러 사용자가 동시에 앱을 사용하려는 경우에는 이 점에 유의해야 합니다.
4. Firebase ML API 키를 사용하여 Cloud API 호출
마지막으로 앱에서 새 API 키를 사용하도록 Firebase ML을 구성합니다.
Firebase ML API 키는 Cloud Vision API에 대한 인증되지 않은 액세스를 허용하므로 승인되지 않은 사용과 결제 계정 청구를 방지하기 위해 키를 기밀로 유지하는 것이 중요합니다. 이렇게 하려면 앱 바이너리에 API 키를 포함하지 말아야 합니다. 대신 앱 런타임에서 알려진 정상 사용자가 로그인되어 있는지 확인한 후에만 서버에서 API 키를 검색합니다.
이러한 방법을 사용하는 경우에도 API 키가 유출될 수 있습니다. 손상된 키로 인한 영향을 줄이기 위해 위에서 설명된 대로 API의 사용자별 할당량을 줄이고 키 순환 정책을 시행하며 다른 사용자 그룹에 서로 다른 키를 발급하는 등 조치를 취해야 합니다.
앱에서 안전하게 API 키를 획득한 후 Firebase ML Cloud API를 호출할 때 다음과 같이 키를 지정합니다.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["필요한 정보가 없음","missingTheInformationINeed","thumb-down"],["너무 복잡함/단계 수가 너무 많음","tooComplicatedTooManySteps","thumb-down"],["오래됨","outOfDate","thumb-down"],["번역 문제","translationIssue","thumb-down"],["샘플/코드 문제","samplesCodeIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-08-13(UTC)"],[],[],null,["\u003cbr /\u003e\n\nIf your Apple app uses one of Firebase ML's cloud APIs, before you launch your app\nin production, you should take some additional steps to prevent unauthorized\nAPI access.\n\n1. Reduce the scope of existing API keys\n\nFirst, configure your existing API keys to disallow access to the Cloud Vision\nAPI:\n\n1. Open the [Credentials](https://console.cloud.google.com/apis/credentials?project=_) page of the\n Google Cloud console. When prompted, select your project.\n\n2. For each existing API key in the list, open the editing view.\n\n3. In the *API restrictions* section, select **Restrict key** , then add to the\n list all of the APIs to which you want the API key to have access. Make sure\n to ***not*** include the Cloud Vision API.\n\n When you configure an API key's *API restrictions* , you are explicitly\n declaring the APIs to which the key has access. **By default, when the *API\n restrictions* section has *Don't restrict key* selected, an API key can be\n used to access any API that is enabled for the project.**\n\nNow, your existing API keys will not grant access to cloud ML services, but each\nkey will continue to work for any APIs that you added to its *API restrictions*\nlist.\n\nNote that if you enable any additional APIs in the future, you must add them to\nthe *API restrictions* list for the applicable API key.\n\n2. Create a new API key for use with Firebase ML\n\nNext, create a new API key for Firebase ML that only allows calls to the\nCloud Vision API:\n\n1. Return to the [Credentials](https://console.cloud.google.com/apis/credentials) page. Be sure your\n Firebase project is still selected.\n\n2. Click **Create credentials \\\u003e API key** . Take note of the new API key, then\n click **Restrict key**.\n\n3. In the *API restrictions* section, select **Restrict key** , then add to the\n list ***only*** the Cloud Vision API.\n\nThis API key grants access only to the Cloud Vision API and can be used by\nFirebase ML to access cloud-based models.\n\n3. Recommended: Reduce the Cloud Vision API's quota\n\nTo help mitigate the consequences of a compromised key, you should reduce the\nCloud Vision API's per-user quota from its default setting. To do so:\n\n1. Open the [Cloud Vision API Quotas](https://console.cloud.google.com/apis/api/vision.googleapis.com/quotas?project=_) page of the\n Google Cloud console. When prompted, select your project.\n\n2. In the **Requests** section, set the **Requests per minute per user** quota\n to something reasonable for your app. For example, if your app involves\n uploading a picture of a document to get back its text, it's unlikely that a\n user will do that more than once every few seconds, so a quota of 30-40\n would probably be safe.\n\n Note that in this context \"requests per user\" refers to requests from a\n single IP address. You might need to consider this if you expect multiple\n users to use your app at the same time from behind a NAT.\n\n4. Call Cloud APIs using your Firebase ML API key\n\nFinally, in your app, configure Firebase ML to use your new API key.\n\nBecause the Firebase ML API key allows unauthenticated access to the Cloud Vision\nAPI, it's important to keep the key confidential to prevent unauthorized use and\ncharges to your billing account. To do so, you should refrain from including\nyour API key in your app binary. Instead, at app runtime, verify that a known\ngood user is signed in, and only then, retrieve the API key from a server.\n\nEven when these practices are observed, it is possible for an API key to be\ncompromised. You should take steps to help mitigate the consequences of a\ncompromised key, such as reducing the API's per-user quota as described above,\nimplementing key rotation policies, and issuing different keys to different\ngroups of users.\n\nAfter your app has safely acquired the API key, when you want to call an\nFirebase ML Cloud API, specify the key: \n\nSwift \n\n if let cloudVisionKey = getYourApiKey() { // See note above about securing your API key\n let options = VisionCloudDetectorOptions()\n options.apiKeyOverride = cloudVisionKey\n let cloudDetector = Vision.vision().cloudLandmarkDetector(options: options)\n }\n\nObjective-C \n\n NSString *cloudVisionKey = [self getYourApiKey]; // See note above about securing your API key\n if (cloudVisionKey != nil) {\n FIRVisionCloudDetectorOptions *options =\n [[FIRVisionCloudDetectorOptions alloc] init];\n options.APIKeyOverride = cloudVisionKey;\n FIRVisionCloudLandmarkDetector *landmarkDetector =\n [vision cloudLandmarkDetectorWithOptions:options];\n }\n\nIn addition, you should follow the general advice in\n[Securing an API key](https://cloud.google.com/docs/authentication/api-keys#securing_an_api_key).\n\nNext steps\n\nSee the [launch checklist](/support/guides/launch-checklist) for information on\npreparing your app to launch when using other Firebase features."]]