Menu
API keys are not strictly secret as they are often embedded into client side code or mobile applications that consume Google Cloud APIs. Still,they should be secured and should never be treated as public information.
You may use an unrestricted API key with any Google Maps Platform API or SDK. However, we strongly recommend that you restrict your API keys, especially in following scenarios: The test environment will be or is publicly visible.
If you're building a GCP application, see using API keys for GCP. When you use API keys in your Google Cloud Platform (GCP) applications, take care to keep them secure. Publicly exposing your credentials can result in your account being compromised, which could lead to unexpected charges on your account.
For example, if your mobile app only uses the Maps SDK for Android and Places SDK for Android, you can restrict the API key to only those two SDKs. You may set an API key to authorize access to as many APIs and SDKs as you want, but we strongly recommend that you limit the list to only those that are needed.
V3 doesn't require a key, but there are some benefits to using one.
Note first off that this key is different than the old V2 key. It's generated from the APIs console (http://code.google.com/apis/console). You pass it the same way, with a key parameter when loading the JS.
Benefits of having a key include usage reports in the console, and a way for Google to contact you if you're going over the quota regularly. You can also purchase additional quota through the console. Finally, if you're using the Places API, it requires the use of a key.
You can set allowed referrers, so that your key can't be used by others.
What Frazell says is correct, when you receive your api key on the right is a 'Edit allowed referers...' link that pops up an option to allow the websites you want to show your map on, if you leave this blank you are allowing any, but if you set let's say http://yourdomain.com only that domain can display the map.
No secrets here. When the key is generated it is associated with your domain name, so the key will not work on someone else's site anyway. It's your and yours alone.
(I agree with Marc's comment)
According to http://code.google.com/apis/maps/signup.html, version 3 does not need a key. "The Google Maps Javascript API Version 2 has been officially deprecated as of May 19, 2010. Version 3 does not require an API key."
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With