Google Maps Platform Google Maps Platform
Why Google
Products
Products
Discover the APIs and SDKs available to create tailored maps for your business.
See all products
All products
Maps
Aerial View
API
Dynamic Maps
JS Android iOS
Dynamic Street View
JS Android iOS
Elevation
API
Map Tiles
API
Maps Datasets
API
Maps Embed
API
Static Maps
API
Static Street View
API
Routes
Directions
JS API
Distance Matrix
JS API
Roads
API
Compute Routes
API
Compute Routes Matrix
API
Places
Address Validation
API
Autocomplete
API JS Android iOS
Current Place
Android iOS API
Geocoding
JS API
Geolocation
API
Nearby Search
JS API
Place Details
JS Android iOS API
Place Photos
Android iOS API
Text Search
JS API
Time Zone
API
Environment
Air Quality
API
Pollen
API
Solar
API
Solutions
Solutions
Find the right combination of products for what you’re looking to achieve.
Wondering where to start?
Find your solution
By industry
Retail
Transportation & Logistics
Financial Services
Real Estate
By use case
Display the Ideal Location
Visualize Geospatial Data
Provide Local Information
Enable Asset Tracking
Offer Efficient Routes
Build Immersive Experiences
Improve Addresses
Enrich Transactions
By industry
Solutions By Industry
Retail
Transportation & Logistics
Financial Services
Real Estate
By use case
By use case
Display the Ideal Location
Visualize Geospatial Data
Provide Local Information
Enable Asset Tracking
Offer Efficient Routes
Build Immersive Experiences
Improve Addresses
Enrich Transactions
Pricing
Resources
Resources
Check out more info to help you get to know Google Maps Platform better.
Documentation
Solution Finder
Demo Gallery
Quick Builder
Blog
Customer Stories
Partner Directory
Impact Calculator
Webinars
Whitepapers
Trust Center
Architecture Center
Women Techmakers
Contact sales
Get started
Why Google
Products
Products
Discover the APIs and SDKs available to create tailored maps for your business.
See all products
All products
Maps
Aerial View
API
Dynamic Maps
JS Android iOS
Dynamic Street View
JS Android iOS
Elevation
API
Map Tiles
API
Maps Datasets
API
Maps Embed
API
Static Maps
API
Static Street View
API
Routes
Directions
JS API
Distance Matrix
JS API
Roads
API
Compute Routes
API
Compute Routes Matrix
API
Places
Address Validation
API
Autocomplete
API JS Android iOS
Current Place
Android iOS API
Geocoding
JS API
Geolocation
API
Nearby Search
JS API
Place Details
JS Android iOS API
Place Photos
Android iOS API
Text Search
JS API
Time Zone
API
Environment
Air Quality
API
Pollen
API
Solar
API
Solutions
Solutions
Find the right combination of products for what you’re looking to achieve.
Wondering where to start?
Find your solution
By industry
Retail
Transportation & Logistics
Financial Services
Real Estate
By use case
Display the Ideal Location
Visualize Geospatial Data
Provide Local Information
Enable Asset Tracking
Offer Efficient Routes
Build Immersive Experiences
Improve Addresses
Enrich Transactions
By industry
Solutions By Industry
Retail
Transportation & Logistics
Financial Services
Real Estate
By use case
By use case
Display the Ideal Location
Visualize Geospatial Data
Provide Local Information
Enable Asset Tracking
Offer Efficient Routes
Build Immersive Experiences
Improve Addresses
Enrich Transactions
Pricing
Resources
Resources
Check out more info to help you get to know Google Maps Platform better.
Documentation
Solution Finder
Demo Gallery
Quick Builder
Blog
Customer Stories
Partner Directory
Impact Calculator
Webinars
Whitepapers
Trust Center
Architecture Center
Women Techmakers
Contact sales
Get started
Google Maps Platform Google Maps Platform
Why Google
Products
Products
Discover the APIs and SDKs available to create tailored maps for your business.
See all products
All products
Maps
Aerial View
API
Dynamic Maps
JS Android iOS
Dynamic Street View
JS Android iOS
Elevation
API
Map Tiles
API
Maps Datasets
API
Maps Embed
API
Static Maps
API
Static Street View
API
Routes
Directions
JS API
Distance Matrix
JS API
Roads
API
Compute Routes
API
Compute Routes Matrix
API
Places
Address Validation
API
Autocomplete
API JS Android iOS
Current Place
Android iOS API
Geocoding
JS API
Geolocation
API
Nearby Search
JS API
Place Details
JS Android iOS API
Place Photos
Android iOS API
Text Search
JS API
Time Zone
API
Environment
Air Quality
API
Pollen
API
Solar
API
Solutions
Solutions
Find the right combination of products for what you’re looking to achieve.
Wondering where to start?
Find your solution
By industry
Retail
Transportation & Logistics
Financial Services
Real Estate
By use case
Display the Ideal Location
Visualize Geospatial Data
Provide Local Information
Enable Asset Tracking
Offer Efficient Routes
Build Immersive Experiences
Improve Addresses
Enrich Transactions
By industry
Solutions By Industry
Retail
Transportation & Logistics
Financial Services
Real Estate
By use case
By use case
Display the Ideal Location
Visualize Geospatial Data
Provide Local Information
Enable Asset Tracking
Offer Efficient Routes
Build Immersive Experiences
Improve Addresses
Enrich Transactions
Pricing
Resources
Resources
Check out more info to help you get to know Google Maps Platform better.
Documentation
Solution Finder
Demo Gallery
Quick Builder
Blog
Customer Stories
Partner Directory
Impact Calculator
Webinars
Whitepapers
Trust Center
Architecture Center
Women Techmakers
Google Maps Platform best practices: Restricting API keys
Mike Pegg
Head of Developer Relations, Google Maps Platform
Aug 22, 2019
Try Google Maps Platform
Unlock access to real-world data and insights with a monthly $200 Google Maps Platform credit.
Get started

Editor’s Note: Today’s post comes from Mike Pegg–head of our Google Maps Platform developer relations team and longtime Maps developer (you might remember him from the Google Maps Mania blog). Today, Mike and his team are kicking off a three-part series on best practices for using Google Maps Platform. 

We know you put a lot of time and energy into creating experiences your users love, and we’re here to make sure you have the tools you need to bring Google’s knowledge about the world to everything you build. Part of that is helping you keep your Google Maps Platform integration efficient and secure. First up in our series is what you should do to control and prevent any unwanted or unexpected usage of your Google Maps Platform project. Today’s topic: restricting your API keys.

With the exception of Maps URLs, all Google Maps Platform APIs and SDKs require you to send an API key with all calls. API keys are generated in the Google Cloud console, and act as unique identifiers that authenticate the calls you make to Google Maps Platform and ensure they are billed to the correct account. Your API keys are the primary way we authenticate your access to Google Maps Platform APIs and SDKs. 

**Why should I restrict my API keys?**Restricting your API keys helps ensure your Google Maps Platform account is secure. Just like the keys to your house or your car, it’s important to protect them to make sure they can only be used by the people and in the way you want. We strongly recommend that you restrict your API keys when you generate them in the Google Cloud console. You can always change the restrictions later, if you need to.

**What’s an API key restriction?**API key restrictions are settings you apply to an API key that limit which applications, APIs, and SDKs can be used with that key. For example, you can specify that an API key can only be used to make calls from an Android app that has your app’s package name, or to the Geocoding API from a server with an IP address that matches the server your backend service is running on.

Think of this like how you think about passwords. Using a single password for multiple websites means that a stolen password would grant a thief access to many different things. API key restrictions make it possible for you to limit what a key can be used for, limiting your exposure if your key were ever compromised–just like keeping separate passwords for multiple websites.

**What types of API key restrictions are available?**There are two types of API key restrictions: API restrictions and application restrictions.  Application restrictions limit usage of the API key to a specific web site, web server, or application. Google Maps Platform supports four types of application restrictions:

  • HTTP referrers: restricts usage to one or more URLs and is intended for keys that are used in websites and web apps. This type of restriction allows you to set restrictions to a specific domain, page or set of pages in your website.

  • IP addresses: restricts usage to one or more IP addresses, and are intended for securing keys used in server-side requests, such as calls from web servers and cron jobs.

  • Android app restriction: restricts usage to calls from an Android app with a specified package name.

  • iOS app restriction: restricts usage to calls from an iOS app with a specified bundle identifier.

API restrictions limit usage of the API key to one or more APIs or SDKs. For example, if your mobile app only uses the Maps SDK for Android and Places SDK for Android, you can restrict the API key to only those two SDKs. You may set an API key to authorize access to as many APIs and SDKs as you want, but we strongly recommend that you limit the list to only those that are needed.

**What are best practices for applying API key restrictions?**Here are a few simple guidelines you can use to determine which API key restrictions you should use and how to use them with your Google Maps Platform integrations:

  1. Use a separate API key per source and restrict each with an application restriction. For example, create separate API keys for your Android app and web app and restrict them with the Android app and HTTP referer application restrictions, respectively.

  2. Apply an application restriction and one or more API restrictions to all your API keys. This will provide the maximum security by limiting what application can use your key and what APIs or SDKs it can be used with.

  3. Never use the same API key for client-side (mobile app, web app) and server-side applications.

**How do I restrict my API keys?**Restricting an API key is fast and easy. You can do it at any time from the credentials tab of the APIs & Services page of the Google Cloud console. But as I mentioned earlier, we recommend you apply some restrictions to every key you generate when you generate it. To learn how to restrict an API key, follow the walkthrough in our docs or watch this video.

We’re constantly amazed by the things developers and businesses create with Google Maps Platform, and we want to do whatever we can to make you successful. Restricting your API keys is one easy way to keep your account secure, and to limit unauthorized usage if your key is ever compromised.

For more best practices, look out for the next blog post in our series, as well as our optimization guide. And don’t be afraid to ask questions on our StackOverflow tag

For more information on Google Maps Platform, visit our website.

Clay cityscape
Clay cityscape
Google Maps Platform
Get going with Google Maps Platform
Get started