Google maps api REQUEST_DENIED when using API restrictions & key - google-maps

I have been happily using the Geocoding API from Maps for some years, with no problem. Recently I've made more keys, for different environments, and decided it would be a good idea to add API restrictions to them.
When I add these API restrictions, I suddenly start getting REQUEST_DENIED.
https://maps.googleapis.com/maps/api/geocode/json?latlng=={lt},{ln}&key={key}
This IP, site or mobile application is not authorized to use this API key, ...
REQUEST_DENIED
Removing them allows the APIs to be called again.
This is the setup for the keys. We only have 2 APIs enabled, and they are both added to this key. In this configuration I can't call the Geocoding API. When I delete the restrictions the Key works again, no problem. I've not set up any other app restrictions.

Google is now aware of the bug and it was reported in the public issue tracker:
https://issuetracker.google.com/issues/69715011
Please star the bug to add your vote and subscribe to notifications from Google. Hopefully they will fix the issue soon.
UPDATE
The bug was fixed on Google side in March 2018.

I ran into this issue as well. I think the API Restrictions settings actually prevents the key being used for the listed APIs. In other words, it's opt-out rather than opt-in. However, that's very counterintuitive and not at all clear from the documentation.

I too was in a similar position. I would seem like #user8960608's answer might make sense.
I applied some combinations of different restrictions but none of them seemed to make it work. Minus actually removing the any API 'restrictions' altogether.
So whilst I don't know the answer, I can only hypothesise that those restrictions do not work with Geocode at least? Perhaps that table here:
https://developers.google.com/maps/faq#using-google-maps-apis
might indicate that they aren't used yet, or perhaps the docs are yet to be updated.
For now we simply IP restrict the key, not perfect, but its a start.

Related

Is it possible to see what domains are using a Google API Key?

I've had a major spike in my Google API usage. Because many of my sites share the same key, I was hoping to see a sorted list of where the API calls are coming from. I haven't managed to find how to do that in the Google API Console. I know that you can restrict the keys to specific domains, but that's not realistic with hundreds of domains.
In the mean time I've regenerated the keys and deployed them in case they've been co-opted by someone else. If anyone has any insight, I'd really appreciate it. Thanks.
You can do this for all future requests but not for past ones. Google recently implemented a channel parameter in requests. You can add a different channel (from 0 to 999) to your requests from different URLs and then filter your billing reports on that channel to see exactly what you are looking for in your billing report moving forward.
https://developers.google.com/maps/reporting/gmp-reporting#usage-tracking-per-channel
Is it possible to see what domains are using a Google API Key?
No its not.
If you want to know where the calls are coming from i would make project for each domain and then create a key. This will mean monitoring 100 google projects and creating billing accounts for each. I dont really see any other way around it though.

Determining Use of Google Maps API Key

I'm trying to track down the use of all the Google API keys for an account. There are a few keys which don't have referrer's set and are generically named, but are being used according to the statistics. Is there anyway to determine the referrer/url that is using an existing API key?
FYI, I do know that the referrer should be set, these are keys that weren't created by me or were created many years ago when I was young and stupid. :-)
The only current way for you to know the domains of the API Keys that are being used is to:
Restrict your API Key. By doing so, the other domains will be unable to use the API Key that is not in the list of referrers. See API Key Best Practices or,
Start fresh by creating a new Key and properly restrict it with the domains you are aware of. Then start migrating it to the sites that you built. Then eventually, delete the old key at least until June 11, as that will be the date when the changes will be implemented.
You can also contact Google Cloud Support but you will receive the same answer, as they will not give you the domains if your API Key is unrestricted. Here are also some of the best practices for you:
You can set Budgets Alerts which will notify you if you reach the conditions you set. You can cap your usage by setting consumer quota limits on a per-API basis from the Cloud Console.
I also encourage you to follow the API key best practices and,
Use these strategies detailed on the Optimization Guide

Google Maps Javascript API key

I am using Google Maps JavaScript API, and have obtained an API key for my registered project on the Google site.
I am at a point in my development where I would like to deploy the app to others as well, for more extensive testing.
The API key that I have was obtained by creating a project on googles interface, and also by providing my own work email address. I left the key open without any restrictions.
Can others in my organisation also use this API key to connect to the maps?
What do I do in terms of deployment to production systems, in terms of the key I will use there? We have quite a lot of clients, and I would like detailed information such as how many connections google will allow for this key etc.
The limitation will be applied at the level of your Google account. So It doesn't matter how much clients you have or how much coworkers use it the limitations are global.
You can check these limitations on real time on google console: https://console.developers.google.com/.
The default limits (free API key) are:
25 000 maps loading each 24 hours
50 request per second
It's important to use API key restriction, try applying a DNS restriction if you have only one DNS, but your co-workers or you won't be able to use it if you don't use the DNS.
I'll recommend you to have two API keys one of your clients and one for your coworkers, so you just applied the API key restrictions to your clients. It will also be easier to check usage onto the clients only. The limitation is on your account not your API key anyway.

Referrer limit per google-maps api key

We are providing websites/CMS solutions for more than 2500 customers. Almost all websites have google-map module. So since google changed its map usage policy, from one day to another all those webs had an error on their map modules. We need to come up with some quick (and dirty) solution. We decided to use multiple api-keys, and devide domains between them - alphabetic. And we registered all those 2500+ domains under these keys - manually. One by one.
The solution worked until last week. Now we somehow reached some kind of limit, as we cannot register any new domains/referrers under one of those api-keys. The actual count of domains/referrer of this given api-key: 1537. The saving process yields an error with tracking code (which is every time I try different).
Is there really some kind of limit? Does anyone experienced the same problems. Does some time-economic solution exists?
Thanks for any help or suggestions. Peace!
There is indeed a limit of (at time of writing) about 1,000 referer restrictions per API key. You can create about 100 keys per project, so you can authenticate 100,000 domains with a single project. To proceed further, you can create multiple projects (note that multiple projects can be combined under the same billing account, so you would still receive a single bill).
As a short term fix, you can temporarily remove all restrictions on the key, so that apps relying on that key are functional again. Then you can take the time to release a new key sharding pattern that follows these guidelines.
I just created a feature request so that the situation can be improved, for this use case ("star" it, to be notified of updates).
Google has recently released an alpha version of API that allows manage API keys programmatically.
The best way to handle thousands of authorized domains is to use an API to programmatically manage your API Keys and their restrictions, and we have recently launched a new service that allows you to do this.
This API is still in Alpha. If you are interested in becoming a Trusted Tester for this service, you can use the following form to sign up, please read the instructions carefully:
https://forms.gle/qx2SMcarWCAsbWVp7
Please note that this API is not part of the Google Maps Platform. After you fill out the form, you will be contacted by the API Keys API team with instructions on how to get started, and how to receive support.
API Keys API is currently free of charge. However, please note that use of Cloud Endpoints may be subject to charges at high traffic volume. You can check the pricing sheet here:
https://cloud.google.com/endpoints/pricing-and-quotas
source: https://issuetracker.google.com/issues/35829646#comment12
Hope this helps!

Blacklisting specific roads from Google Maps/Mapquest?

I'm looking to build a custom view of a Google Maps type of application for providing directions, but I need to blacklist specific roads or sections of roads. I'm not talking just avoiding highways or Toll Roads. I've been looking through the Google Maps and Mapquest APIs but haven't found anything of use yet.
Initially I'm just looking to manually blacklist specific roads that I do not want to drive on, but eventually would like there to be some sort of automatic detection or suggestion.
Is there built-in functionality to support blacklisting specific roads in Google Maps or Mapquest? Or is there any known way to hack it together?
As mentioned in another answer, this functionality is not directly available in the Google Maps API. However, I've been thinking about it, and had a couple of work-around ideas in the "hacking it together" category. Both of these rely on version 3 of the Google Maps API.
When requesting the directions, set provideRouteAlternatives to true. Loop through the alternatives. Check if that route passes through one of your roadblocks. If it does, discard that route and try the next one.
For each roadblock, set up in advance one or more alternate points to route through. For example, if you want to avoid a certain bridge, identify one or more alternate bridges to use. Now, if a route passes through one of your roadblocks, add the alternate point for the for roadblock as a waypoint (with stopover set to false). Now run the directions again and they should avoid the roadblock and use the alternate.
Neither of these methods are optimal, but depending on your situation, they might work for you.
There is an open feature request about this issue on the Google Maps API Issue Tracker:
Roadblock definitions into GDirections as coordinate points
The issue has been acknowledged by Google, but it remains open. You may want to vote up the issue to signal to Google the demand for this feature.
I think mapquest lets you do this, see http://www.mapquestapi.com/directions/#output
and check out the section for mustAvoidLinkId's and tryAvoidLinkId's
I tried all google maps alternatives, and none of them allows the possibility to define road that avoids certain road except Here maps. I am delighted with this solution and it solved all my problems https://developer.here.com/documentation/routing/topics/route-avoiding-links-and-areas.html
You don't need to blacklist the whole road, you can blacklist only some part of that road and the map will try to avoid that if possible.