Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Google API keys - What is server key and browser key

This is relevant again now that Google just recently deprecated Browser Keys for its Web Services APIs.

Here are the current definitions:

Server keys

Create and use a server key if your application runs on a server. Do not use this key outside of your server code. For example, do not embed it in a web page. To prevent quota theft, restrict your key so that requests are only allowed from your servers' source IP addresses.

Browser keys

Create and use a browser key if your application runs on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains you administer.

(from https://developers.google.com/console/help/new/)


Try the browser key, found this post, but it's written on 2012,

https://groups.google.com/forum/#!topic/android-gcm/Ir-dNtPRKcU

Found this on web: "2.Click Create new Server key. Either a server key or a browser key should work. The advantage to using a server key is that it allows you to whitelist IP addresses. The following screen appears:"

http://developer.android.com/google/gcm/gs.html

Hope this will help you!


As of now (early 2018), I suspect the difference between server key and browser key is insignificant and only conceptual. Because the web console allows you to apply IP restriction or referrer restriction to any of your key. So, for the same key, you can apply a referrer restriction and then it works as a browser key, and you apply an IP restriction and then it works as a server key. Besides, I don't find specific documentation on server key vs browser key from this official help page.