Reputation: 11
What is the correct way to protect Google API key for Places service?
First of all I want to use Google Places API for autocomplete. I have created API key and it works fine. I make api calls from client so I need to protect or restrict it. I tried to use HTTP restriction, but it doesn't work with Places API. There are recommendation in the docs to use IP restriction but it requires that some proxy server to make api calls. So which way is right? Do I need proxy server with IP restriction to make api calls? Or is there some way to make secure api calls from client?
Upvotes: 0
Views: 393
Answers (1)
Reputation: 1401
Normally, when you are calling the requests from the Client-Side, it should be restricted via HTTP referrers, and IP address restrictions are used when you are calling the requests from the server-side which has a static IP address. If you're calling from the Client-Side and your HTTP restrictions are not working, it will be best to file a support case via https://console.cloud.google.com/google/maps-apis/support in order to open personalized communication channel as this must be an isolated case and might have something to do with your configuration in your GCP console.
I would also recommend to check the sample HTTP restriction below:
example.com
*.example.com
These two will allow your API key to be used in all subdomains and paths in your website.
Upvotes: 1
Related Questions
- How to set Google API key restriction - HTTP referrers
- Protect Google Maps API key with Restriction for Ionic app
- How to secure google API keys
- Android Place SDK restricted API key is not working
- Should I or must I use API key restrictions for a google api key?
- Website Restrict Google Maps API key dynamicly via SDK
- How to secure/hide the API Key
- What steps should I take to protect my Google Maps API Key?
- How to secure my api key?
- How to google maps api keys safe on website