![]() For example, create separate API keys for your Android app and web app and restrict them with the Android app and HTTP referer application restrictions, respectively.Īpply an application restriction and one or more API restrictions to all your API keys. Use a separate API key per source and restrict each with an application restriction. **What are best practices for applying API key restrictions?**Here are a few simple guidelines you can use to determine which API key restrictions you should use and how to use them with your Google Maps Platform integrations: You may set an API key to authorize access to as many APIs and SDKs as you want, but we strongly recommend that you limit the list to only those that are needed. For example, if your mobile app only uses the Maps SDK for Android and Places SDK for Android, you can restrict the API key to only those two SDKs. IOS app restriction: restricts usage to calls from an iOS app with a specified bundle identifier.ĪPI restrictions limit usage of the API key to one or more APIs or SDKs. IP addresses: restricts usage to one or more IP addresses, and are intended for securing keys used in server-side requests, such as calls from web servers and cron jobs.Īndroid app restriction: restricts usage to calls from an Android app with a specified package name. This type of restriction allows you to set restrictions to a specific domain, page or set of pages in your website. HTTP referrers: restricts usage to one or more URLs and is intended for keys that are used in websites and web apps. Google Maps Platform supports four types of application restrictions: Application restrictions limit usage of the API key to a specific web site, web server, or application. **What types of API key restrictions are available?**There are two types of API key restrictions: API restrictions and application restrictions. API key restrictions make it possible for you to limit what a key can be used for, limiting your exposure if your key were ever compromised–just like keeping separate passwords for multiple websites. Using a single password for multiple websites means that a stolen password would grant a thief access to many different things. Think of this like how you think about passwords. For example, you can specify that an API key can only be used to make calls from an Android app that has your app’s package name, or to the Geocoding API from a server with an IP address that matches the server your backend service is running on. **What’s an API key restriction?**API key restrictions are settings you apply to an API key that limit which applications, APIs, and SDKs can be used with that key. You can always change the restrictions later, if you need to. We strongly recommend that you restrict your API keys when you generate them in the Google Cloud console. ![]() Just like the keys to your house or your car, it’s important to protect them to make sure they can only be used by the people and in the way you want. **Why should I restrict my API keys?**Restricting your API keys helps ensure your Google Maps Platform account is secure. Your API keys are the primary way we authenticate your access to Google Maps Platform APIs and SDKs. API keys are generated in the Google Cloud console, and act as unique identifiers that authenticate the calls you make to Google Maps Platform and ensure they are billed to the correct account. With the exception of Maps URLs, all Google Maps Platform APIs and SDKs require you to send an API key with all calls. Today’s topic: restricting your API keys. First up in our series is what you should do to control and prevent any unwanted or unexpected usage of your Google Maps Platform project. Part of that is helping you keep your Google Maps Platform integration efficient and secure. We know you put a lot of time and energy into creating experiences your users love, and we’re here to make sure you have the tools you need to bring Google’s knowledge about the world to everything you build. Today, Mike and his team are kicking off a three-part series on best practices for using Google Maps Platform. Editor’s Note: Today’s post comes from Mike Pegg–head of our Google Maps Platform developer relations team and longtime Maps developer (you might remember him from the Google Maps Mania blog ).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |