Reputation: 67
I'm a little confused by Google's instructions on how to securely and correctly use their Maps API. On one hand, their examples specify that the API key is added to the API script - e.g.
<script src="https://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&callback=initMap" async defer></script>
But their best practices state exactly the opposite -
Do not embed API keys directly in code: API keys that are embedded in code can be accidentally exposed to the public—for example, if you forget to remove the keys from code that you share. Instead of embedding your API keys in your applications, store them in environment variables or in files outside of your application's source tree.
Upvotes: 1
Views: 577
Reputation: 161334
The part of the documentation that applies to Browser Keys is (browser keys have to be public in your HTML):
Restrict your API keys to be used by only the IP addresses, referrer URLs, and mobile apps that need them: By restricting the IP addresses, referrer URLs, and mobile apps that can use each key, you can reduce the impact of a compromised API key. You can specify the hosts and apps that can use each key from the console by opening the Credentials page and then either creating a new API key with the settings you want, or editing the settings of an API key.
Upvotes: 1
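As an added illustration (not Google's code, nor code from either post) of how the two pieces of documentation fit together: the key is read from an environment variable when the page is rendered rather than committed in source, it is still public in the served HTML, and the real control is the referrer allowlist. The `MAPS_API_KEY` variable name, the example.com patterns and the simplified wildcard matching below are assumptions; Google's console performs the actual matching on its side.

```javascript
// Added illustration. A browser key is public by design: it must be in the HTML,
// so "do not embed in code" means "do not commit it", not "hide it from users".
// Protection comes from the referrer (and API) restrictions set in the console.
const DEFAULT_ALLOWED_REFERRERS = [
  "https://example.com/*",     // constructed sample patterns, not real settings
  "https://*.example.com/*",
];

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Build the <script> tag from a key kept outside the source tree.
function renderMapsScriptTag(apiKey, callback = "initMap") {
  if (!apiKey) throw new Error("Maps API key is not configured");
  const params = new URLSearchParams({ key: apiKey, callback });
  const src = `https://maps.googleapis.com/maps/api/js?${params.toString()}`;
  return `<script src="${escapeAttr(src)}" async defer></script>`;
}

// Convenience: MAPS_API_KEY is an assumed environment variable name.
function renderMapsScriptTagFromEnv() {
  return renderMapsScriptTag(process.env.MAPS_API_KEY);
}

// Simplified approximation of a referrer rule: "*" matches within one host
// label run (never across "/"), and a trailing "/*" allows any path.
function patternToRegExp(pattern) {
  const anyPath = pattern.endsWith("/*");
  const head = anyPath ? pattern.slice(0, -2) : pattern;
  const escaped = head
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, "[^/]*");
  return new RegExp(`^${escaped}${anyPath ? "(/.*)?" : ""}$`);
}

// Decide whether a request carrying this Referer value may use the key.
// A missing Referer is denied; scheme, host and path must all fit a pattern.
function referrerAllowed(referrer, allowed = DEFAULT_ALLOWED_REFERRERS) {
  if (!referrer) return false;
  return allowed.some((p) => patternToRegExp(p).test(referrer));
}
```

The host wildcard deliberately stops at `/`, so a referrer that merely contains `.example.com/` in its query string is rejected rather than matched.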