Is it possible to get to know the amount of API-requests per referrer when sharing an API-key?
We recently reached our Quota limit. We would like to find out which of the websites using that key made the most requests.
In the dashboard for your API connection, you can see from which IP address the requests were coming. That's the only way of checking where your API Keys are used from. Google doesn't (visibly) track from which site the requests origin. If you think your keys were used from unauthorized sources, contact Google for help.
Tip: Try to use a different API key for seperate websites. That way, your API Usage is easier to track. Google says (on Best practices on using Google Maps API) this is a best practise.
Related
If I use URL referrer authentication with Geocoding API it says:
There was an error while trying to fix the Venues geolocation information: API keys with referer restrictions cannot be used with this API.
Which after research I find that this means that Google Maps is looking for IP address authentication.
But if I use IP address authentication with Javascript Maps API it says:
JavaScript API error: RefererNotAllowedMapError
https://developers.google.com/maps/documentation/javascript/error-messages#referer-not-allowed-map-error
Your site URL to be authorized: https://example.com
What can be going on?
How can I fully satisfy the good ol'Google Maps?
It looks like you're using two different Maps APIs; the client-side JavaScript API and the server-side Geocoding API web service. This means you need 2 API keys; one restricted with HTTP referrers for client-side use, and the other one restricted by IP address for web services only.
To learn more on how API key restrictions work check out Google's documentation on API key best practices.
Hope this helps!
I know this is 3 months old now. But I had the same problem and I found out how to solve this.
As evan said, you need 2 API Keys. And annoyingly, The Events Calendar only have one field for the API Key.
BUT, I found a link here: https://support.theeventscalendar.com/ to https://support.theeventscalendar.com/716190-Using-Google-Maps-API-Key-Restrictions. The page redirects though... But I managed to screen shot parts of it before it redirects and found this snippet: https://gist.github.com/cliffordp/a2ec320313afbc1ffb5f0e5ac654b7fb
(I changed the code to use a define instead because I don't want my API key in git)
This filter will make it possible to have two API KEYS.
On some domains Google Maps returns instead of image this error message: The Google Maps Platform server rejected your request. You must use an API key to authenticate each request to Google Maps Platform APIs. For additional information, please refer to http://g.co/dev/maps-no-account
Domains where it does not work:
http://en.aston-martin-club.com/test_mapa.php
http://en.ktm-club.cz/test_mapa.php
Domains where it works:
http://en.renault-club.cz/test_mapa.php
http://en.lada-club.eu/test_mapa.php
The image I display on web is from http://maps.googleapis.com/maps/api/staticmap URL. It is Google Maps Stati API https://developers.google.com/maps/documentation/maps-static/intro
Why on some domains it works and some not? If it wil not work for any domain, then I think I need to add "key=YOUR_API_KEY" parameter.
I spent many hours trying to find out the reason, but did not succeeded. Any help is very welcome.
In the past (and this is probably still the case), domains that were using the API before keys became required were "grandfathered" with keyless access (they will work without a key).
Keys are now required, so regardless whether the domains "work" without keys or not, it is best to add a valid key to the request.
The things that determine whether or not the domains are "grandfathered" to keyless access are:
When the domain was created
When the domain started using the Google Maps APIs
Google rejects all the requests for static images that does not include api key in URL.
I don't know Google's threshold, but en.aston-martin-club.com is blocked by Google obviously. You must include api key in URL at least.
Is there a way to register Authorized URLs in Google Maps via an API?
Currently, I am manually adding URLs through the Google Maps Support portal, but I would like to be able to make an API call when a customer submits a new domain to my service.
Unfortunately, currently there is no way to manage API key restrictions programatically.
There is a feature request in Google issue tracker to make it possible:
https://issuetracker.google.com/issues/35829646
Please star this feature request to add your vote and subscribe to notifications, at the moment it has only 6 stars, not enough to increase its visibility.
Update from Google
The best way to handle thousands of authorized domains is to use an API to programmatically manage your API Keys and their restrictions, and we have recently launched a new service that allows you to do this.
This API is still in Alpha. If you are interested in becoming a Trusted Tester for this service, you can use the following form to sign up, please read the instructions carefully:
https://forms.gle/qx2SMcarWCAsbWVp7
Please note that this API is not part of the Google Maps Platform. After you fill out the form, you will be contacted by the API Keys API team with instructions on how to get started, and how to receive support.
API Keys API is currently free of charge. However, please note that use of Cloud Endpoints may be subject to charges at high traffic volume. You can check the pricing sheet here:
https://cloud.google.com/endpoints/pricing-and-quotas
I saw that one has not to obtain a Google Maps API key if you want to use their maps api in general, only if you want to use their web services and statistics etc.
Now I have two questions regarding this:
If I have a public website which uses the Google Maps API to display a map with default options. How does Google count the API calls if I don't use an API key? (Maybe with the help of the domain which requests the map?)
If they do so and my site exceeds the 25k calls/day, is there a possiblity that my users can login with their Google account on my site and some backend logic will get them an API key from Google that I store e.g. in a database. So I could use the API keys of my users to bypass the API usage limits only for my site.
Assuming you are using the Javascript API v3:
This SO question partially answers your queries.
Have a look at the usage limits, it looks like that you cannot use more than one API key:
Can I use more than one API key to increase my available usage over
the documented limits?
Google reserves the right to withhold access to the Maps API from any site that attempts to use more than the permitted number of map
loads of the Maps API without permission, and fails to respond when
contacted by Google.
Though this may be debatable, to me it seems a bad idea using your user's API key. For sure you need to ask the permission, then you have to monitor their quotas and so on, a minefield...
TL;DR if you exceed constantly the daily quota you should purchase a larger quota.
I'm using Google Maps web services to perform server-side (reverse) geocoding.
I've got a browser-side and server-side Google API key from the Google APIs Console, which permits the Google Maps JS API to use higher request quotas, and enables pay-per-use for overages (successfully tested in-browser via JS). But the server-side key doesn't seem to work on web services requests.
For example, this URL works fine:
http://maps.googleapis.com/maps/api/geocode/json?sensor=true&latlng=43.477329,-80.548601
But if you add a "key=..." parameter, as in the other APIs, I get a REQUEST_DENIED status.
Am I doing something wrong, or is this just not supported on the web services APIs (yet)? Will it be supported in the future?
See also
request_denied when i include key=my_api_key
Nope, you're not doing anything wrong.
Unfortunately, enforcing tight limits on the Google Geocoding API, also called "Server-Side Geocoding", is Google's design. If your app needs more than 2,500 Server-Side Geocodes per day, then you'll need to upgrade to their Google Maps API for Business product.
Hold on, it gets worse.
If your app's server IP address is shared with other apps, that 2,500 request daily limit applies to ALL of them. This includes apps that share the same server IP address as you, but don't belong to you! This can be a common situation with any PaaS, like Google App Engine or Heroku. So, even if your app works flawlessly today, there is no guarantee that it's still going to work tomorrow.
In the article, "Geocoding Strategies", Google indicates the solution is to "almost always" use "Client-Side Geocoding" via the Geocoding Service, part of the Google Maps JavaScript API V3. The primary reason is that limits are enforced per user, per session. Requests like this shouldn't run up against quota limits unless you're executing geocode batches on the client (not a typical use case).
One golden nugget from the "Geocoding Strategies" article: Design a page that takes user input, calls the client-side Geocode service method, then passes that information to your server app where it can be processed, and hopefully cached. This is FAR from ideal, but if upgrading to Google Maps API for Business isn't an option, it might be the only way to go.
Good luck!
According to this post, your API key should work as one of the three option for requests over 25,000 loads per day.
https://developers.google.com/maps/faq#usagelimits