I am currently developing an Ionic app where I have an embedded Google Map. The Google Maps V3 API recommends using an API key for tracking usage. The thing is when I create an API Key for browser usage I can only secure my API key by specifying referrers. Now I don't have a referrer on mobile devices so what can I do to avoid that other people can also use my API key?
The way I see it you have two options:
Either way, it is still possible for someone to get your key and use it to make requests on your behalf. They could do it by spoofing the referrer themselves even if you go that route since it is a header provided by the client browser.
I think the best way to do this is to create a proxy server which use server key to call the API, and where require user login with their userID (if your app need to login) or may be device id. At least you have some control over what is happening.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.