stakutis

Reputation: 47

How to secure/hide the API Key

I have a SPA that needs to do mapping and I want to use Google Maps API (which works great), but I don't want to have the API KEY in the JavaScript because anyone can "view code" and steal it. I'm SURE this is a common problem/solution but I can't find anything to help; closest is something about using a Proxy. I'm sure everyone that uses Google API in a client-javascript-app has this problem...

Upvotes: 0

Views: 947

Answers (1)

Shawn Domingo

Reputation: 1401

Since you've mentioned that you are gonna use the API in client-side JavaScript, you may use the HTTP referrer restriction. This will restrict your API key to be used only in your domain and will result in an error if your API key is used under another domain. You may do this by following the steps below:

  1. Go to GCP Console Credentials Page
  2. On the list below, click on the name of the API key that you made.
  3. In the Application restrictions section, click on HTTP referrers.
  4. On the text box below, insert the following:

    example.com

    *.example.com

These two will allow your API key to be used in all subdomains and paths in your website.

  5. Then click on Save

NOTE: Replace example.com with the domain that you intend to restrict.

Upvotes: 2
