Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What steps should I take to protect my Google Maps API Key?

Tags:

google-maps

I have obtained a Google Maps API key for my domain.

The examples provided when I obtained my key show the key embedded in request parameters, for example:

<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;sensor=true_or_false&amp;key=my-key" type="text/javascript"></script> 

I appreciate that the referrer field in requests must match my domain, is it safe to make my key visible in script tags and the like? Or are there any other steps I should take?

like image 580
brabster Avatar asked Sep 01 '09 21:09

brabster


2 Answers

Considering that key has to be included in the <script> tags of your HTML pages, to load the JS files/data from google's servers, there is nothing you can do :

  • you must put it in your HTML files
  • every one can take a look at those.

Still, it doesn't really matter : if anyone tries to use this key on another domain than yours, they will get a Javascript alert -- which is not nice for ther users.

So :

  • There is nothing you can do ; this is the way it works
  • And there is not much you should worry about, I'd say.
like image 172
Pascal MARTIN Avatar answered Oct 12 '22 01:10

Pascal MARTIN


There is setting on Google API console that can protect your API bandwith usage from being used by another domain/user. You can restrict and protect that by using referrer on the API console. API Key will reject requests without referrers that match your restrictions.

Here is screenshot from Google for API Key that can only be used by Google frowm its two domains. enter image description here

like image 26
Ifan Iqbal Avatar answered Oct 12 '22 00:10

Ifan Iqbal