My company has 2 Google Maps API keys that we have been using for several years. They started charging us for their use in June 2018. At that point and for several month afterwards, I could go to the Google Cloud Platform console and see the API keys listed, along with usage etc. Now when I go to the GCP console, it does not show those API keys. However, Google is still charging our credit card every month for their use.
I'm wondering what happened, and if it has happened to anyone else. If I could see the API keys, I could edit them, change their restrictions, etc.
If you're confident that you're checking the correct project, you may wish to review your audit logs to see whether the API Key was deleted by one of the project's authenticated accounts:
For ${PROJECT}, the following should list API key-related actions:
PROJECT=[[YOUR-PROJECT]]
LOGNAME="projects/${PROJECT}/logs/cloudaudit.googleapis.com%2Factivity"
METHOD="google.api.apikeys.v1.ApiKeys"
gcloud logging read "logName=\"${LOGNAME}\" protoPayload.methodName:\"${METHOD}\"" \
--project=${PROJECT} \
--format="value(protoPayload.authenticationInfo.principalEmail,protoPayload.methodName,timestamp)"
I created then deleted an API key to confirm the behavior.
My logs show (abbreviated):
[me] google.api.apikeys.v1.ApiKeys.DeleteApiKeys 2020-04-07T19:21:40.301Z
[me] google.api.apikeys.v1.ApiKeys.PatchApiKey 2020-04-07T19:18:38.395Z
[me] google.api.apikeys.v1.ApiKeys.CreateApiKey 2020-04-07T19:18:20.721Z
Related
So, I created an script on google sheets that, basically, selects a set of addresses on a sheet and uses Maps.newGeocoder.geocode() to get geocodes and calculate distances. It works wonderfully, no problems there. However, when I try to authenticate using Maps.setAuthentication(clientId, signingKey);, I just get an error.
I got my credentials from loging into https://console.cloud.google.com/, creating a random project and by going in "Create credentials". When I go into the credentials tab, I can select OAuth2.0 and see clientId and client secret key. I am using these to authenticate. Is it correct? What am I doing wrong? How the hell can I get the credentials? Thanks a lot!
The setAuthentication(clientId, signingKey) method enables the use of an externally established Google Maps APIs Premium Plan account, to leverage additional quota allowances. Your client ID and signing key can be obtained from the Google Enterprise Support Portal.
They are not the same as client ID and client secret key as explained here.
Note that this type of account is not longer available for new customers.
Here some helpful links:
Premium Plan Support
Premium Plan FAQ
I want to retrieve address from lat long coords. I have created project in google console. Added Billing information and enabled the geocoding api services. But still when i make this request i am getting the below error
https://maps.googleapis.com/maps/api/geocode/json?latlng=41.89,12.49&key=xxxx
You must enable Billing on the Google Cloud Project at https://console.cloud.google.com/project/_/billing/enable
I was also Facing the same issue, Billing is enabled and is linked to the project but I was getting the same Error.
After Spending enough time on this issue, I understood that the type of my billing account is "Google Cloud Platform", but it should be of type : "Google Maps Platform"
You can see the type of your billing account on the right side of Billing Overview as in the image:
So please check if your Billing type is "Google Maps Platform", if not create a new Billing Account with "Google Maps Platform" as type and link your project to this Billing Account.
Most of us are getting this response/error
{
"error_message" : "You must enable Billing on the Google Cloud Project at <br>https://console.cloud.google.com/project/_/billing/enable Learn more at https://developers.google.com/maps/gmp-get-started",
"predictions" : [],
"status" : "REQUEST_DENIED"
}
If you will read this answer throughly you'll be able to sort out this issue.
As mentioned in this answer.
You'd have to create a separate billing account in order to use Google Map APIs because google map bills in USD currency instead of your native currency.
Solution(3 step)
create a new billing account.
create a new project and associate it with above billing.
enable Map API and create a new API key. that's it.
Step1: create a new billing account, you can use this link https://console.cloud.google.com/billing/create and Choose Google Map Platform from the dropdown.
Step2: create a new project using this link https://console.cloud.google.com/projectcreate and use billing account created above.
Step3: Now you can enable particular API and you're good to go. That's it.
Make sure that the API key you are using to authenticate the request is from a project that has an active billing account. If not, your requests will fail and if you are using Javascript API, your map will get the "Degraded experience".
Below are some of the links we have that could be helpful in your use case.
Managing your billing accounts
Modify a project's billing settings
Viewing your cost trends with billing reports
Once everything is set up, you can always file a support case via https://console.cloud.google.com/google/maps-apis/support in order to open personalized communication channel whenever you are encountering issues with our product.
Thank you and hope this helps!
Go back to the billing account and see if something went wrong with your credit card. Credit cards are validated asynchronously.
Go to the GCP Console and verify that your billing account is assigned to the project.
In the GCP Console check for past due amounts.
After you assign/modify a credit card, wait. The process is not instant in (re)authorizing billing for your account.
I had the same issue. I was doing everything correct.
then I found this link
Gmp india faq
The problem was Google maps billing doesn't support INR Currency.
Please check if your currency compatible with Google Maps billing platform otherwise create new billing account with USD currency.
Thanks!
You may find this link helpful
Modify a project billing settings
I have had similar problem, when I have created a free tire payment account and I was not able to create a Windows VM as thesse are paid.
To fix I have "upgraded" the free tier payment account. It was confusing because the payment account has had enabled a valid payment method and linked to the project but it was not working.
There is a button to upgrade the free tier payment account, on the account dashboard page.
For those of you who enabled their billing account through the link in the error message but still get the error, or can't find "Enabled google service" as someone else suggested, simply just delete your browsers cache and try again.
For anyone still struggling , my case was that i have reached a maximum of projects for the same billing account and for some reason i couldnt create a new one as mentioned above , for that after a lot of reasearch i found that i could disable billing for some project so i can use it in new ones :
1- go to the link https://console.cloud.google.com/billing/projects
2- click on the three dots for the first projects (the billing is enbale for those projects).
3-disable one of them
4- enable the billing for your new project and you are good to go !
however still not sure why i could only enable this for just 3 project , i think it is not a lot !
Use:
gcloud alpha billing accounts list --format json
# ^^ find an active billing account then
ACCOUNT_ID='0XYXYX-XYXYXY-XYXYXY'
gcloud beta billing projects link $PROJECTNAME --billing-account $ACCOUNT_ID
# ensure it says "billingEnabled: true"
Please can you help me, I'm receiving this error when I'm trying to deploy a google cloud function:
HTTP Error: 400, Default service account 'project-name#appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.
The command used to deploy is:
firebase deploy --only functions
A temporary solution is fine, but if you can help me to solve it permanently is better.
Thanks in advance.
In my case, the App Engine default service account was deleted. It looks like this: {project_id}#appspot.gserviceaccount.com
So I had to restore the service account like this:
You can now recover the deleted service accounts from https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/undelete
you have to get the UniqueID of the service account from https://console.cloud.google.com/home/activity
Source: https://stackoverflow.com/a/55277567/888881
The API explorer is an easy way to use the IAM API: https://developers.google.com/apis-explorer/#p/
I was struggling to resolve this issue, then I raised a case with Google.
here is a detailed article of my learnings :
https://medium.com/#ashirazee/http-error-400-default-service-account-appspot-gserviceaccount-com-accd178ea32a
Firstly navigate to Google Cloud Platform and view your service accounts.
try and find <project_id>#appspot.gserviceaccount.com' in your list of service accounts for the firebase project, it is linked to the App Engine.
if '#appspot.gserviceaccount.com' is missing you can not deploy anything(SEE EMAIL WITH GOOGLE BELOW), if it isn't, check and see if it's enabled, try disabling it and enabling it again.
#appspot.gserviceaccount.com is pre-installed by default, regardless of a paid account or not. try and recall if at any time you may have deleted it after or before deployment.
Now if you have for any reason deleted it over a period of more than 30 days than you can not retrieve it, and you must create a new firebase project. However, if it is within 30 days you can undelete it.
EMAIL FROM GOOGLE:
Email #1
"
Hello Ali
I am checking the logs of your project, unfortunately the service account was deleted on Ma, there is no chance to recover it nor recreate it
The only workaround available is to create a new project and deploy the service desired there. I know this could not be the best option for you nevertheless it is the way this works by design.
Do not hesitate to write back if you have more questions.
Cheers,"
Email #2,
"Hello Ali
I am glad to read that you have been able to deploy your functions successfully, unfortunately that service account cannot be recovered after 30 days of being deleted and that is the only solution. If you have other questions, please let us know by contacting us again through our support channel.
Cheers,"
lastly here is a helpful command line that will help you debug this, however, it won't help if there is no service account, it'll just highlight the obvious:
firebase deploy --only functions --debug
this was my error:
"HTTP Error: 400, Default service account '<project_id>#appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Clo
ud Functions API), or specify a different account."
Following the error message, you could enable the API by console accessing this url and enable the api.
Or by gcloud command:
gcloud services --project <project_id> enable cloudfunctions.googleapis.com
As the other stated, sadly, you need to use the default service account.
If within the 30 days period, you can use this tutorial to find and undelete the service acc: Read this guide to get https://cloud.google.com/iam/docs/creating-managing-service-accounts#undeleting_a_service_account
You have to enter the commands through the Google Cloud Console (one of the buttons will open a terminal on the right of the top blue app bar)
try to select Google Cloud Platform (GCP) resource location in Setting of Firebase. enter image description here
My website makes use of Google Maps API. I recently received an email from Google that says that I should switch from a Browser Key to a Server Key in order to continue using the API past 2 Dec 2015.
So if I am not mistaken all I have to do is request a Server Key in the Google Console and put it in place of my Bowser Key? is that simple?
Here is part of the email:
Yesterday, we announced a pay-as-you-go option for seven of the Google
Maps API Web Services for free, external, publicly available websites
and mobile implementations. As part of this launch, we are tightening
security around how developers identify their usage of the APIs. You
are receiving this email because you may be affected by this change.
Starting today we have deprecated usage of 'Keys for browser
applications' or 'Browser keys’ with the Google Maps API Web Services.
Developers should instead use ‘Server keys’ with these services. Any
newly created browser keys will not work, but existing browser keys
will continue to work for 90 days starting today. On 2nd December
2015, we will be completely disabling usage of browser keys to access
Google Maps API Web Services, at which point any requests to Google
Maps Web Services APIs using such keys will begin to fail.
Currently, in my HTML I have the following that loads the Google Maps API:
<script scr="https://maps.googleapis.com/maps/api/js?v=3&signed_in=false&key=MY_BROWSER_API_KEY&sensor=false"></script>
In another page in the same website, I use the YouTube Data API in the server side to which I feed the SERVER_KEY I obtained from Google Console.
The code looks like:
require_once 'google-api-php-client/src/Google/autoload.php';
$client = new Google_Client();
$client->setDeveloperKey(GOOGLE_API_SERVER_KEY);
$youtube = new Google_Service_YouTube($client);
Yes, all you have to do is change out the key. There are complications with white lists, that may or may not affect people. The white lists between server and web keys need to be merged. This is a problem if the server does not send outgoing communications with the same ip address everytime. For example, for my company, our set up is a group of instances that get dynamically assigned ips from a public pool. In our case we are going to add an extra network interface.
So a better answer to your question is depending on whether you only use the key in a public webpage, or if you use it on a server. If you use the key on a server, and the key is connected to a paid google account for a specific map api service, then you will have to figure out the outgoing ip address(es) and add each one to the list.
A lot of people, particularly on shared hosting accounts have not white listed the server ip as until now, as it could be hidden and the risks of people pirating the key were minimal. But now, in the next 90 days, a lot of private server keys are going to be publicly exposed when people also have to put the key in their html. This will probably mean that there will be a mini migration from shared hosting to more controlled environments, in my opinion.
I am evaluating box for enterprise accounts. Within version 1 docs there are Enterprise Commands such as
create_managed_user
edit_managed_user
etc
Is there V2 commands which are the same ?
Will the existing V1 Commands for these methods be deprecated ?
Updating this, since someone recently referred to it, even though this answer is pretty ancient.
Fully updated:
There is about 20% more surface area available for "Administrative use" in the V2 API, than there was in the V1 Box.com API.
Where? /users
POST to create a new one
GET /users to see all the users in the enterprise
PUT /users/ to update a specific user
GET /users/?fields=a,b,c to get specific fields you want to see, including some non default fields like their enterprise-id, their role, some permissions, etc. See the docs for users, and look for the green fields.
Where else? /groups
POST to create a new one
GET to get a list of all groups
GET /groups//memberships to get a list of all the users in a group
What else? as-user headers can let you build applications that automate processes for your users.
Of course to do all these things, you have to be an admin, granted the permissions to do these various different things.
The V2 API has some admin-level APIs, mostly under the /users endpoint (http://developers.box.com/docs/). However, many methods are still being added to the V2 API, and much of the administrative functionality is only available in the V1 API at the moment. The V2 API does not yet have equivalent method's for create_managed_user or edit_managed_user from V1.
We generally recommend that apps use the V2 API as much as possible, and include V1 calls when needed. As we add more methods to the V2 API, it's best to change your v1 calls as soon as you can.