Reputation:
Programatically whitelist HTTP referrers for Google API keys
We hosts a large number of websites for clients on our bespoke CMS. They all use the same Google API Key for Google's Maps and Geocoding API.
We want to start limiting the HTTP Referrer of our Google API Key by listing all of our client domain names.
The only way we have found to do this is by editing the key on https://console.developers.google.com/apis/credentials/ and adding the domains one at a time under 'Application restrictions' options.
Preview of 'Application restrictions' options on Google API website:
This is not very ideal for us, as we have several hundred client domains, and we would need a developer to add these manually each time we get a new domain.
So my question; is there a way for us to add the HTTP Referrer programatically? Or is there an alternative way to limit the usage of the keys by just our client domains?
Upvotes: 2
Views: 802
Answers (1)
Reputation: 13842
All sharing the same API key sounds like a design mistake. For example, if one of your clients goes crazy and overuses the quota or gets banned for abuse, or anything like that, then it will bring down the API for all your clients. Have you considered having a different API key for each client?
Upvotes: 1
Related Questions
- How to set Google API key restriction - HTTP referrers
- API keys with referer restrictions cannot be used with this API
- Where/how can I whitelist access to my Google Apps API?
- Google API Key Http referrers issue using curl PHP
- restrict Google API Key by HTTP referrer (client side) OR IP address (server side)
- Correct way to set HTTP referrers in "Accept requests from these HTTP referrers" field in google developer console
- Google API KEY referral wildcard for localhost development
- Google API Key Http referrers issue
- Google API Key for browser. Issue when referrers set
- Google map api get key "Accept requests from these HTTP referrers"