views:

206

answers:

2

I have obtained a Google Maps API key for my domain.

The examples provided when I obtained my key show the key embedded in request parameters, for example:

<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;sensor=true_or_false&amp;key=my-key" type="text/javascript"></script>

I appreciate that the referrer field in requests must match my domain. Is it safe to make my key visible in script tags and the like? Or are there any other steps I should take?

+2  A: 

Considering that the key has to be included in the <script> tags of your HTML pages, to load the JS files/data from Google's servers, there is nothing you can do:

  • you must put it in your HTML files
  • everyone can take a look at those.

Still, it doesn't really matter: if anyone tries to use this key on another domain than yours, they will get a JavaScript alert -- which is not nice for their users.

So:

  • There is nothing you can do; this is the way it works
  • And there is not much you should worry about, I'd say.
Pascal MARTIN
I think you could use a proxy on your own site that used the key to fetch the "real" file. Totally pointless, yes, but I think it's possible.
Tim Sylvester
Figured it was worth checking in case I'd missed something. Cheers to those who answered.
Brabster
@Tim: not sure; I'm guessing the JS code itself is checking the domain name of the site that displays the map, and it would seem normal that it compared it, in some kind of way, with information included in the key -- still, I did not try. ;;; @Brabster: :-)
Pascal MARTIN
+2  A: 

I don't see why you would bother. Isn't the key only valid from your domain? IIRC, the only information encoded in it is your domain name, aside from whatever info Google might add such as the time it was generated.

Tim Sylvester