Google Map API key expires - google-maps

I have generated a Google Map API Key using Google console and currently that has 'None' restriction. It works fine and I am able to consume Google Places API without any problem. I am using Ionic framework and my application is purely based on HTML and AngularJS (JavaScript).
My key works as expected for some time, and then it stops working all of a sudden. Google service returns 'UNKNOWN ERROR' as the response for all calls. To resolve this I need to generate another key, and then everything works fine without code changes. I have used the URL https://maps.googleapis.com/maps/api/js?key=AIzaSyDgM6rXXXXXXXXXXXXXXXXXXXXTA68vY5g&callback=&libraries=places and pasted it in the browser, then copied the content of the generated JavaScript into a file, and I am referring to it locally. Also FYI, I don't have any server-side code.
Now I have precisely 2 questions.
1. Do I need to change my Google API key every week to keep it active? Or once the restriction is set to 'Android' or 'HTTPS', will the key work as long as I want?
2. If I publish my app in the Android store, is it safe to place the Google API Key in app files (JavaScript or HTML)? Is there a better way of doing it? Google best practices say we should keep it outside root, but then how should I do it?

You might not have billing enabled on your project.
Without billing enabled you only get 1,000 free requests per 24 hour period (calculated as the sum of client-side and server-side requests).
After you enable billing you get up to 150,000 requests per 24 hour period free of charge.
It might be slightly confusing that JS API Places library usage counts against the Places API limit, but that is the case: the daily usage is calculated as the sum of client-side and server-side requests combined.

Related

google maps requests are forbidden with a status of 403 after working very well for at least a day

I am using the Google Maps JavaScript API, v3, and everything works well up to a point where the requests for the map images are forbidden with a status of 403. Usually the map stops loading after a period of time in which the page/session is open: it may be 24 hours, it may be more than 48h, I couldn't actually find a more accurate period.
Given the fact that we want to have a live website and a testing one – different domains, I generated 2 different keys, and I am loading them conditionally, but the html rendered is the one expected.
var mapKey = VanillaRate.Domain.Settings.AppSettings.GoogleMapsApiKey;
and the script tag is:
<script src="https://maps.googleapis.com/maps/api/js?key=#(mapKey)&libraries=places" async defer></script>
The usage limits were not exceeded, the referrer is well set.
The error appears when the map is zoomed and it's:
Failed to load resource: the server responded with a status of 403 () - maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage?....
Since I couldn’t find any exactly matching posted situation or documentation about it, is it possible that this is a timeout on Google's servers for security reasons, and that this is why the requests are forbidden for a session longer than a day?
EDIT: I forgot to mention that after refreshing the tab, everything works well. If it was indeed the usage limit, would the server respond with success after refresh? I've read that in this case, the map wouldn't work all day. Is that right?
If the response is still a HTTP 403 (Forbidden) error, the signature was not necessarily the problem, it may be related to usage limits instead.
This typically means your access to the web service has been blocked on the grounds that your application has been exceeding usage limits for too long or otherwise abused the web service.
I found this answer on Google Developers. There is no simple way to resolve this problem. Google recommended two solutions:
Reduce requests to the server;
Or, 'purchasing additional allowance for your Google Maps APIs for Work license.'
You can also try to access the Google Cloud Support Portal to report your problem.
I found this information on Google Developers here. At this link you can find some solutions like the ones I detailed, and the explanation of your problem.
"The usage limits were not exceeded"
Are you sure? You're loading the places library, in which case this applies:
Google Places API Web Service
Default 1,000 free requests per day,
increased to 150,000 free requests per day after identity
verification.
https://developers.google.com/maps/pricing-and-plans/
See also:
https://developers.google.com/places/web-service/usage
https://developers.google.com/maps/documentation/javascript/places#UsageLimits

Odd responses using Google Maps Geocode Lookup (API key)

I've been working with website that uses geocode lookups via Google. I've been testing this for awhile now.
https://maps.googleapis.com/maps/api/geocode/json?address=1600+Pennsylvania+Ave+NW,+Washington,+DC&key=XXXXXXXXXXXXXXXXXXXXXXXXXXX
I've got that key locked to particular servers. All of a sudden I'm seeing geocode lookup errors. The response back from Google is:
{
error_message: "Browser API keys cannot have referer restrictions when used with this API.",
results: [ ],
status: "REQUEST_DENIED"
}
When I try a simple request without the API key at all it seems to work fine. Here you can try this yourself. Copy and paste the next line in your browser's URL and return.
https://maps.googleapis.com/maps/api/geocode/json?address=1600+Pennsylvania+Ave+NW,+Washington,+DC
Now, I probably shouldn't look a gift horse in the mouth, but the whole thing seems odd. If I remove my API keys today, will my websites, that rely on an address to Lat/Lng conversion, all fail tomorrow?
Is anybody else experiencing odd failures with Google Maps and GeoCode lookups? Is anyone aware of a systemic content or policy change from the Google mapping / GeoCoding team??
Edit, update:
So this defect lasted about 40 minutes, from around 9:10PM PST until a bit before 10PM PST. It seems to be fixed now.
Response to comment: Hmmm. I've been looking at the API keys as:
Server keys: Create and use a Server key if your application runs on a
server. Do not use this key outside of your server code. For example,
do not embed it in a web page. To prevent quota theft, restrict your
key so that requests are only allowed from your servers' source IP
addresses.
Browser keys: Create and use a Browser key if your application runs on
a client, such as a web browser. To prevent your key from being used
on unauthorized sites, only allow referrals from domains you
administer.
I'm definitely doing this complete lookup from user directly to Google without a server in the middle. No way can I safely use a Server key there. So I've read your input, and it definitely says Server key for geocoding. But, that really implies that no one should ever allow a browser / client interaction to process a geocode lookup. Frankly I just assumed the writeup was out of date and a bit inaccurate.
While you may be right, the whole thing just looks odd. I would have thought that if Geocode required a lookup from a server (only) and never from a web application via the browser (ever) that there would have been some direct comment as to that effect.
Oh, and the browser keys, with server fencing, seem to be working again. Again, I'm just saying the whole thing is odd. I'm treating this as a temporary hiccup up at the Google geocode servers.
And yes, I can certainly introduce an API server for a round trip Ajax call to do the lookup safely with a server key, but what's the point? Is there a benefit that I'm just not seeing? I guess I could add elements like a nonce to protect my round trip geocode intermediate lookup server from somebody else using it, etc.... But at this point, I'm just confused.
Update #2: 16 Jun 2016
Again, this whole thing is not clear. I filed a feature request to the Google GeoCode team asking for a clarification update to the documentation to address the use of Browser API keys for geocode lookups.
The documentation for the Geocoding Web Service states:
Standard API users: If you're using the API under the standard plan, you must use a server key (a type of API key) set up in a project of your choice.
The error message indicates you are using a browser key.
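The round trip the question describes, where the browser calls your own endpoint and only the server holds the key, sketched as an added example that is not code from the original posts. The allowed origin, the function names and the way the key is passed in are assumptions made for illustration.

```javascript
// Added example, not from the original posts. Node 18+, no dependencies.
const GEOCODE_ENDPOINT = "https://maps.googleapis.com/maps/api/geocode/json";
// Assumption: the only site allowed to call this proxy (constructed value).
const ALLOWED_ORIGINS = new Set(["https://www.example.com"]);
const MAX_ADDRESS_LENGTH = 200;

// Decide whether a browser request may be forwarded and build the upstream
// URL. The Origin header stops other sites' pages from using the proxy, but a
// scripted client can forge it, so per-client rate limiting is still needed.
function buildUpstreamRequest({ origin, address }, serverKey) {
  if (!serverKey) return { status: 500, error: "server key not configured" };
  if (!ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, error: "origin not allowed" };
  }
  if (typeof address !== "string" || address.trim() === "" ||
      address.length > MAX_ADDRESS_LENGTH) {
    return { status: 400, error: "invalid address" };
  }
  const url = new URL(GEOCODE_ENDPOINT);
  url.searchParams.set("address", address.trim()); // URL-encoded for us
  url.searchParams.set("key", serverKey); // stays on the server
  return { status: 200, url: url.toString() };
}

// Forward the lookup and hand the browser only the coordinates it needs.
// fetchImpl is injectable so the logic can be exercised without network access.
async function proxyGeocode(request, serverKey, fetchImpl = fetch) {
  const decision = buildUpstreamRequest(request, serverKey);
  if (decision.status !== 200) return decision;
  const upstream = await fetchImpl(decision.url);
  const data = await upstream.json();
  if (data.status !== "OK" || !data.results.length) {
    // Relay only the status code: error_message can describe how the key is
    // configured, which the browser has no need to see.
    return { status: 502, error: data.status };
  }
  const { lat, lng } = data.results[0].geometry.location;
  return { status: 200, lat, lng };
}
```

Wire proxyGeocode into whatever HTTP framework the site already uses, passing it the request's Origin header and a key read from server configuration.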

Google Maps API must now use a Server Key?

My website makes use of Google Maps API. I recently received an email from Google that says that I should switch from a Browser Key to a Server Key in order to continue using the API past 2 Dec 2015.
So if I am not mistaken, all I have to do is request a Server Key in the Google Console and put it in place of my Browser Key? Is it that simple?
Here is part of the email:
Yesterday, we announced a pay-as-you-go option for seven of the Google
Maps API Web Services for free, external, publicly available websites
and mobile implementations. As part of this launch, we are tightening
security around how developers identify their usage of the APIs. You
are receiving this email because you may be affected by this change.
Starting today we have deprecated usage of 'Keys for browser
applications' or 'Browser keys’ with the Google Maps API Web Services.
Developers should instead use ‘Server keys’ with these services. Any
newly created browser keys will not work, but existing browser keys
will continue to work for 90 days starting today. On 2nd December
2015, we will be completely disabling usage of browser keys to access
Google Maps API Web Services, at which point any requests to Google
Maps Web Services APIs using such keys will begin to fail.
Currently, in my HTML I have the following that loads the Google Maps API:
<script src="https://maps.googleapis.com/maps/api/js?v=3&signed_in=false&key=MY_BROWSER_API_KEY&sensor=false"></script>
In another page in the same website, I use the YouTube Data API in the server side to which I feed the SERVER_KEY I obtained from Google Console.
The code looks like:
require_once 'google-api-php-client/src/Google/autoload.php';
$client = new Google_Client();
$client->setDeveloperKey(GOOGLE_API_SERVER_KEY);
$youtube = new Google_Service_YouTube($client);
Yes, all you have to do is change out the key. There are complications with white lists that may or may not affect people. The white lists between server and web keys need to be merged. This is a problem if the server does not send outgoing communications with the same IP address every time. For example, for my company, our setup is a group of instances that get dynamically assigned IPs from a public pool. In our case we are going to add an extra network interface.
So a better answer to your question depends on whether you only use the key in a public webpage, or if you use it on a server. If you use the key on a server, and the key is connected to a paid Google account for a specific map API service, then you will have to figure out the outgoing IP address(es) and add each one to the list.
A lot of people, particularly on shared hosting accounts, have not white listed the server IP until now, as it could be hidden and the risks of people pirating the key were minimal. But now, in the next 90 days, a lot of private server keys are going to be publicly exposed when people also have to put the key in their HTML. This will probably mean that there will be a mini migration from shared hosting to more controlled environments, in my opinion.

Google Drive SDK, How to check if a file has been shared outside of the domain by using Permission feed

I am using Google Drive SDK for .NET. Everything is working as expected, except that whenever I get the permission feed for a particular document, I get the Id, kind, name, role, selflink and type fields on the permission.
There is no mention of the email address of the user, which is stopping me from recognizing, by reading the permissions, whether a file has been shared inside the domain or outside of the domain.
I can't use Google Docs API to get the ACL on the doc because I am writing an app for over 200000 users and I will need the speed which is provided by Google API Console.
What should I do?
Thanks
You can use the Documents List API to get the email addresses. I'm curious why you believe Drive is faster than Documents List, for most API calls they have a comparable response time.
https://developers.google.com/google-apps/documents-list/#retrieving_the_acl_for_a_document_file_or_collection
Thanks for the idea but can I use Document List API with the Service Accounts provided through API Console?
Why do I believe that Google Drive SDK is better? Because we don't have any control over Document List API where we can set QPS (Query per second) limits or not that I know of.
Secondly, with Document List API, when you make requests to servers, in the past I had to create a fault-tolerant algorithm in such a way that if one request fails, the second should go after 2 seconds, and if that fails then make your next request after 5 seconds, until a 7 second delay.
So, I don't think that Document List API would be a good fit for processing documents over 200000 users everyday unless Google has changed the way their API used to behave?

Bogus "This web site needs a different Google Maps API key" with STATIC image map api

Starting from recently, any request I try to get a static image from the Google Static Map API gets this text response:
This web site needs a different Google Maps API key
According to documentation https://developers.google.com/maps/documentation/staticmaps/#Limits
Note that the use of a key is not required, though it is recommended. Examples in this document do not include the key parameter so that they will work for all users who cut-and-paste the code.
Has this changed and did they forget to document it? There's a warning at the doc page that says the usage limits have changed (though then the usage limits that are claimed are the same as before!!) but it doesn't say that the use of an API key has become required.
If I had hit the usage limit, which I certainly haven't, then I would (or should) get a different response, as I experienced in the past.
The exact same requests used to work until recently.
Can anybody clarify?
Example request:
http://maps.google.com/staticmap?center=45.54309129999999,-73.62077841957398&zoom=16&size=480x360&maptype=mobile&markers=45.54309129999999,-73.62077841957398&sensor=false
It appears you are using an old URL for V1 (whose deprecation period has ended); for V2 it has to be:
https://maps.googleapis.com/maps/api/staticmap?center=45.54309129999999,-73.62077841957398&zoom=16&size=480x360&maptype=hybrid&markers=45.54309129999999,-73.62077841957398&sensor=false&mobile=true