How to secure your Google Maps API key

Storemapper works with the Google Maps Platform to ensure your customers get the best possible map experience. Because that map is on your website, publicly available, and freely used by your customers, you need your own relationship with the mapping provider (Google in this case). This involves creating an account with them and generating a Google Maps API key that is linked to your map and site.

To prevent quota theft, Google gives you a way to add restrictions to your API key. There are two types of restrictions you need to know about:

  1. Application restrictions
  2. API restrictions

 

Application restrictions

We advise you to restrict your Google Maps API key using HTTP referrers. You add your website to the list of allowed referrers, and Google rejects any request to the map service that comes from another source. To add HTTP referrers, follow these steps:

Step 1: Ensure you’re logged in with the Google account under which you created your Google Maps API key.

Step 2: Navigate to the Google Console Credentials screen and click your API key to open it.

Step 3: In the Application restrictions section, choose ‘HTTP referrers’ and add your site under Website restrictions.

You should wrap your domain name with asterisks. This ensures you can place Storemapper on any subdomain or page under your domain and it will still be able to use the API key.

E.g. *yourwebsite.com/*

Also, if you want to be able to browse your Storemapper from the Preview screen under your account dashboard, we advise adding the Storemapper domain as well.

*storemapper.co/*

Troubleshooting: If you refresh your locator page after adding HTTP referrers and see the bouncing pin, the domain was added incorrectly. Make sure you’re using asterisks at the beginning and at the end of the domain name.

API restrictions

This type of restriction lets you control exactly which services/APIs can be used with your API key. Your store locator widget requires the following services/APIs:

  • Maps JavaScript API (renders the map)
  • Geocoding API (powers user searches)
  • Places API (address suggestion functionality)

IMPORTANT! Since August 30, 2019, Google has been enforcing API key restrictions for the Places Library on the Google Maps JavaScript API to improve their security. API restrictions are now mandatory.

To add API restrictions to your API key, follow these steps:

Step 1: Ensure you’re logged in with the Google account under which you created your Google Maps API key.

Step 2: Navigate to the Google Console Credentials screen and click your API key to open it.

Step 3: In the API restrictions section, choose ‘Restrict key’ and click on the ‘Select APIs’ dropdown.

 

In the APIs list, select ‘Maps JavaScript API’, ‘Places API’ and ‘Geocoding API’.

 

That’s it! Your API key is now restricted to your site and to the APIs your store locator needs.
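To confirm that both kinds of restriction were saved as described above, the following added example (not Storemapper's or Google's code) audits a key's settings against this article's referrer patterns and API list. It assumes the key is available as JSON in the shape of the Google API Keys API `restrictions` object, for instance from `gcloud services api-keys describe KEY_ID --format=json`; the `googleapis.com` service identifiers mapped to the three APIs, the helper name `audit_key` and the sample key are assumptions constructed for illustration.

```python
import json

# Referrer patterns and APIs taken from the article; the service names are the
# googleapis.com identifiers assumed to correspond to those three APIs.
REQUIRED_REFERRERS = {"*yourwebsite.com/*", "*storemapper.co/*"}
REQUIRED_SERVICES = {
    "maps-backend.googleapis.com": "Maps JavaScript API",
    "geocoding-backend.googleapis.com": "Geocoding API",
    "places-backend.googleapis.com": "Places API",
}

def audit_key(key):
    """Return a list of findings for one API key resource (dict); empty means OK."""
    findings = []
    restrictions = key.get("restrictions") or {}

    # Application restrictions: HTTP referrers
    browser = restrictions.get("browserKeyRestrictions") or {}
    referrers = browser.get("allowedReferrers") or []
    if not referrers:
        findings.append("no HTTP referrer restriction: any site can use the key")
    for pattern in sorted(REQUIRED_REFERRERS - set(referrers)):
        findings.append(f"referrer missing or written without asterisks: {pattern}")
    for pattern in sorted(set(referrers) - REQUIRED_REFERRERS):
        findings.append(f"unexpected referrer allowed: {pattern}")

    # API restrictions: which services the key may call
    services = {t.get("service") for t in restrictions.get("apiTargets") or []}
    if not services:
        findings.append("no API restriction: key works for every enabled API")
    else:
        for svc in sorted(set(REQUIRED_SERVICES) - services):
            findings.append(f"{REQUIRED_SERVICES[svc]} not allowed: locator will break")
        for svc in sorted(services - set(REQUIRED_SERVICES)):
            findings.append(f"extra API allowed beyond what the locator needs: {svc}")
    return findings

# Constructed sample: referrer entered without asterisks, one API missing, one extra.
SAMPLE_KEY = json.loads("""
{"displayName": "storemapper-key (constructed)",
 "restrictions": {
   "browserKeyRestrictions": {"allowedReferrers": ["yourwebsite.com", "*storemapper.co/*"]},
   "apiTargets": [{"service": "maps-backend.googleapis.com"},
                  {"service": "geocoding-backend.googleapis.com"},
                  {"service": "directions-backend.googleapis.com"}]}}
""")

if __name__ == "__main__":
    for finding in audit_key(SAMPLE_KEY) or ["key matches the article's restrictions"]:
        print("-", finding)
```

An empty result means the key carries exactly the two referrer patterns and three APIs listed in this article; replace `yourwebsite.com` in `REQUIRED_REFERRERS` with your own domain before running it on real output.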

Questions / Issues?

If you have any questions or are having issues following the above steps, please reach out for help at help@storemapper.co or book a call with our support representative.

 
