On the notes of this page, there is a mention that the Geocoding API key should be server-restricted
During development and testing, you can register a project for testing
purposes in the Google API Console and use a generic, unrestricted API
key. When you are ready to move your app or website into production,
register a separate project for production, create a server-restricted
API key, and add the key to your application.
Is the geocoding API only meant to be used on a server type instance?
Can I put the Geocoding API key on a mobile device by bundling it within the app using restriction for android/ios? I'm concerned that I will violate the said "server-restricted API key" clause.
PS. I'm aware that Google API keys can be restricted to android/ios/ip etc.
In order to make Google Maps Web Service requests from a mobile device (without using the Google Maps SDK), you have to use an unrestricted key. Each mobile device has its own IP address and it is not feasible to set IP address restrictions to all the mobile devices that use your app.
Android or iOS API key application restrictions only work for requests made through the Android or iOS SDK.
If you want to use a restricted key for web service requests from mobile devices, you have to use a proxy server that makes the requests on behalf of the mobile app.
I’ve been reading the documentation and it seems that the Geocoding Web Service API is not fit for my use case. There is a “Javascript Google Maps API” that I can use.
Related
I'm trying to program geocoding. I created API key, but when I add it into my website code I don't get anything, however when I don't use API everything works well. When I'm sending:
https://maps.googleapis.com/maps/api/geocode/json?address=".$adres."&key=KLUCZ_XXX
I get a response:
Browser API keys cannot have referer restrictions when used with this API.
If I use:
https://maps.googleapis.com/maps/api/geocode/json?address=".$adres"
The result is correct but the number of queries is limited per day.
Key constraint: referrals HTTP (Web) - set to the domain from which conjure inquiry. Interface Google Maps Geocoding API is turned on.
Does the API key has to be activated also somewhere else to work?
It sounds like you may be making the API call server side. I ran into this issue earlier today. Since you've placed a referrer restriction on your API key, it will be limited to executing on the browser with the web service APIs, including the Geocoding API. It didn't work for me even when manually setting the referrer in the request headers. You can find the other web service APIs on this page: https://developers.google.com/maps/web-services/
Important: If you are using any of the web service APIs with an API key that has referer restictions, your requests will fail with the error message: "API keys cannot have referer restrictions when used with this API." You should switch to using a server restriction.
You'll want to create a separate key to use server-side. You can change your restriction from a browser restriction to a server restriction by using IP addresses to restrict access, instead of browser referrers.
See this section in the Maps APIs FAQ on switching key type to a server restricted key: https://developers.google.com/maps/faq#switch-key-type
Alternatively, you can continue using a browser key and geocode client-side (JavaScript), then return the result to the backend via ajax.
If server-side geocoding is not an option, you should use the geocoder from the Google Javascript API. You can set HTTP referer restrictions on that API.
Google itself says to avoid the Non-Javascript Geocoder API for dynamic geocoding:
This service is generally designed for geocoding static
(known in advance) addresses for placement of application content on a
map; this service is not designed to respond in real time to user
input. For dynamic geocoding (for example, within a user interface
element), consult the documentation for the Maps JavaScript API client
geocoder and/or the Google Play services Location APIs.
This issue happens when you set the referrer for the server key to the domain name instead of the IP address, then it will show this message -
API keys with referer restrictions cannot be used with this API
.
For geocode API create a separate API key and restrict that API using IP address.
It worked for me.
my question: Is there any Google API / SDK I can use to be able to dynamically add "HTTP referrers (web sites)" (assign domains) to maps API key ?
Background
I'm building a web-application portal that will allow anyone to create a business website and assign a custom domain to it.
On that generated website customer will have google maps map pointing to address of their business.
Customer has an option to add custom domain to their business website created by my web-application (by CNAME to the my web-application)
Desired feature is that once the domain background job will get triggered that will add that domain/host to list of restricted domains/hosts for my Google Maps Api key so that their domain will be able to read google maps on their domanin
note: I Have cron job DNS lookup validation check implemented to ensure that domain is really assigned to the domain
live example
here is website generated by customer on my web-application http://sbs-sos.sajtka.sk/ he assigned a domain and pointed CNAME http://sbs-sos.sk/
Reason why the google map works is because I manually white-listed their domain. I need to automate this
please aware portal is not fully launched so many bugs are happening
The feature request to manage API keys restrictions via SDK was submitted in Google issue tracker in 2016:
https://issuetracker.google.com/issues/35829646
Currently, there are no any official SDK for that. However, the last update from Google says that they released experimental API to programmatically manage your API Keys and their restrictions.
The best way to handle thousands of authorized domains is to use an API to programmatically manage your API Keys and their restrictions, and we have recently launched a new service that allows you to do this.
This API is still in Alpha. If you are interested in becoming a Trusted Tester for this service, you can use the following form to sign up, please read the instructions carefully:
https://forms.gle/qx2SMcarWCAsbWVp7
Please note that this API is not part of the Google Maps Platform. After you fill out the form, you will be contacted by the API Keys API team with instructions on how to get started, and how to receive support.
API Keys API is currently free of charge. However, please note that use of Cloud Endpoints may be subject to charges at high traffic volume. You can check the pricing sheet here:
https://cloud.google.com/endpoints/pricing-and-quotas
I would suggest joining Trusted Tester program and try out this API.
I hope this helps!
I have a Web Application, which is hosted under a domain (say www.xx.com) and I have activated Google Map Account (say, MyAccount) for that Application as well. The Google Map Key under MyAccount; I have enabled for JavaScript Map API and Geocoding API only. There is another option in that Application, which uses Places API, which I haven't enabled due to the heavy costing for that what google have. But, one of my client want to use the Places API option and they have suggested me that to use Client Google Map Account (say, ClientAccount) for that particular Option; where I'll use their Map Key (under ClientAccount) while they sign-in into the Application. So, the following questions became relevant;
-Is it possible to use Dynamic Map Key under one Project?
Is there any violation of Terms? if yes,
- What is the alternative I can suggest to the client to achieve this requirement?
NB: I cannot make another instance of the application to host for the client as my services are under SaaS model.
Thanks,
Shenulal
Yes this should be possible, just send the customer's key with your Places API requests, and make sure they whitelist your domain in their key restrictions.
I have rendered google map in xamarin form iso but it is not working in android. I don't know if I am doing something wrong in my android setup or not.
My question is: can we use single google map api key in both application?
In google console I see:
Application restrictions specify which web sites, IP addresses, or apps
can use this key. You can set one restriction type per key.
Where i can choose only one option among http, ip, android and ios.
If tutorial link for google map in xamarinform would also be appreciated. I am using googlemaps nuget package.
According to Google, you should be using a different API key for Android and iOS for a better understanding I would suggest you read this document.
In your case, I would recommend you create an API key for your iOS app and another client API key for your Android app (different than the iOS one).
On your Developer console select create a new API key, you can see that Google gives you different choices: server key, browser key, iOS key, Android key, etc. Each different key serves different purposes and should be limited to the corresponding platform only (e.g.: do not put a server key in a client app like an iOS app, and vice versa).
As of an example, you can check this out.
The answer is Yes. You can use the same Google map api key in both application (Android/iOS), just use Xamarin.Forms.GoogleMaps NuGet
You can found a tutorial for GoogleMaps in Xamarin Forms in this answer.
I'm using Google Maps web services to perform server-side (reverse) geocoding.
I've got a browser-side and server-side Google API key from the Google APIs Console, which permits the Google Maps JS API to use higher request quotas, and enables pay-per-use for overages (successfully tested in-browser via JS). But the server-side key doesn't seem to work on web services requests.
For example, this URL works fine:
http://maps.googleapis.com/maps/api/geocode/json?sensor=true&latlng=43.477329,-80.548601
But if you add a "key=..." parameter, as in the other APIs, I get a REQUEST_DENIED status.
Am I doing something wrong, or is this just not supported on the web services APIs (yet)? Will it be supported in the future?
See also
request_denied when i include key=my_api_key
Nope, you're not doing anything wrong.
Unfortunately, enforcing tight limits on the Google Geocoding API, also called "Server-Side Geocoding", is Google's design. If your app needs more than 2,500 Server-Side Geocodes per day, then you'll need to upgrade to their Google Maps API for Business product.
Hold on, it gets worse.
If your app's server IP address is shared with other apps, that 2,500 request daily limit applies to ALL of them. This includes apps that share the same server IP address as you, but don't belong to you! This can be a common situation with any PaaS, like Google App Engine or Heroku. So, even if your app works flawlessly today, there is no guarantee that it's still going to work tomorrow.
In the article, "Geocoding Strategies", Google indicates the solution is to "almost always" use "Client-Side Geocoding" via the Geocoding Service, part of the Google Maps JavaScript API V3. The primary reason is that limits are enforced per user, per session. Requests like this shouldn't run up against quota limits unless you're executing geocode batches on the client (not a typical use case).
One golden nugget from the "Geocoding Strategies" article: Design a page that takes user input, calls the client-side Geocode service method, then passes that information to your server app where it can be processed, and hopefully cached. This is FAR from ideal, but if upgrading to Google Maps API for Business isn't an option, it might be the only way to go.
Good luck!
According to this post, your API key should work as one of the three option for requests over 25,000 loads per day.
https://developers.google.com/maps/faq#usagelimits