Replies: 2 comments 2 replies
-
|
I think what you can do is in your google maps console setup cors policies to only allow specific urls to be able to use the key |
Beta Was this translation helpful? Give feedback.
-
|
It isn't necessary to hide the API key since you can (and should) limit what can be done with it. This includes limiting the APIs the key is enabled for as well as restricting the domains and paths where the key can be used. There is a lot of documentation about this here: https://developers.google.com/maps/api-security-best-practices I not sure if it is even possible to build a proxy-server to hide the API-key. |
Beta Was this translation helpful? Give feedback.
-
|
Ok, right, I get it. Thank you. |
Beta Was this translation helpful? Give feedback.
-
|
Important to note: I would also always recommend setting up spending alerts, budgets, and quotas/rate-limits for the API usage in the cloud console. This can help prevent the occasional programming error or stolen API-keys from causing major problems before you can detect them. |
Beta Was this translation helpful? Give feedback.
-
So, I'm learning to do some React coding and I asked ChatGPT on how should I do this maps integration to my app, and it suggested using a backend proxy so that my api key can hide in the backend and not be revealed publicly. As far as I understand, the API key is revealed to the public when using this repo, is that correct? Is there any way of hiding it?
Beta Was this translation helpful? Give feedback.
All reactions