Author Topic: Google Maps: protecting your key  (Read 526 times)

0 Members and 1 Guest are viewing this topic.

Offline Archibald

  • Full Member
  • ****
  • Posts: 251
Google Maps: protecting your key
« on: February 12, 2017, 12:04:49 PM »
Google recommends you protect your API key to prevent others using it.  If usage exceeds the daily limit of free use your maps will no longer work or, if you have enabled billing, you will be charged for someone else's use of your key.  However normally the daily limit is 25,000 map load per day (for Google Maps JavaScript API).

When logged into Google, get to your API console and click on 'Credentials'.  For me the easiest way to protect my key is to limit its use to my domain or domains.  Under 'Key restriction', I select 'HTTP referrers (web sites)'.  You are prompted to enter your domain in the form *.example.com/* where the asterisks are wildcards.  I find this would permit access to http://www.example.com/map.html but will deny access to http://example.com/map.html.  It seems that if you miss out the dot and enter your domain as *example.com/*, protection does not work.  I therefore make two entries:
   http://www.example.com/
   http://example.com/
The trailing asterisk wild card seems to be unnecessary.

If you wish to preview a web page with map in WebPlus, the key protection will stop the map appearing except for a fraction of a second.  You therefore either need to temporarily disable key protection or upload the page to view it. Actually previewing a page with a map in WebPlus is a handy way to check your key protection is working.