Zack
Reputation: 884
Should the google api key be private?
I'm using the Google maps embed developer tool for a website, and to use it I have to put this into the html:
<iframe width="600" height="450" frameborder="0" style="border:0"
src="https://www.google.com/maps/embed/v1/place?q=Metropolitan%20Grill%2C%202nd%20Avenue%2C%20Seattle%2C%20WA%2C%20United%20States&key=my_api_key">
</iframe>
I've replaced my actual Google api key with 'my_api_key' in the src url. Is there any reason I should be concerned about having my api key showing up in the html like that?
Upvotes: 2
Views: 839
Answers (1)
geocodezip
Reputation: 161404
There is no reason to keep your console key for the embedded API private (you can't, it has to be in the HTML, which is publicly available). You control the domains that it is valid for, make sure they are owned and controlled by you.
Upvotes: 4
Related Questions
- How to secure/hide the API Key
- is google maps api-key necessary for practice?
- What are the security risks with including Google Map API key in gradle?
- Where to put Google API key
- should I keep my geocode api key a secret?
- Is it safe to share on GitHub my Google Maps API key?
- When is a Google Maps API key required?
- Do I really need the Google Maps API key?
- Will Google Map JS API 3 require an API key?
- What should the google map api key be?