should I keep my geocode api key a secret?
Question
I'm working with the geocoding api from google. I'll be hitting the following endpoint with ajax like so...
$.ajax({
url: https://maps.googleapis.com/maps/api/geocode/json?address=1600+Amphitheatre+Parkway,+Mountain+View,+CA&key=MY_API_KEY,
success: function(data) {
console.log("yay");
}
})
Is it safe to add my api key directly into my javascript? This means it will be viewable from my website and also on source control. What precautions should I take?
2 answers
solution1
3 2016-10-25 02:15:03
No , you should absolutely hide your API key(s) from the client and source control. A malicious user could use the key to exhaust your quota, making your application potentially unusable.
To avoid this, create a server which fetches the data from the API and then serves it to the user. Additionally, you should apply rate limiting, to prevent users exhausting your quota through your own application.
For more information, see this support article .
solution2
1 2017-09-04 08:41:33
Consider also using the Geocoding Service in the Google Maps JavaScript API. When loading the JavaScript API, make sure to use an API key that is restricted to your website .
Remember that results from the Google Geocoding services must be displayed on a Google map (see 10.4.d and 10.4.e).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.