The web sites will be register and get an API key to use widgets. For example; Site A is registered as sitea.com for widget. But the main problem is, the widget can not be accessable from siteb.com with API key of sitea.com. Are there any way to implement this?
The API keys for Google Maps are similar. There, you specify a key and it is checked every time against your domain. However, it is hard to get this secure. With Google Maps you can simply change the Javascript so that it does not check the API key anymore.
Related
I have a Web Application, which is hosted under a domain (say www.xx.com) and I have activated Google Map Account (say, MyAccount) for that Application as well. The Google Map Key under MyAccount; I have enabled for JavaScript Map API and Geocoding API only. There is another option in that Application, which uses Places API, which I haven't enabled due to the heavy costing for that what google have. But, one of my client want to use the Places API option and they have suggested me that to use Client Google Map Account (say, ClientAccount) for that particular Option; where I'll use their Map Key (under ClientAccount) while they sign-in into the Application. So, the following questions became relevant;
-Is it possible to use Dynamic Map Key under one Project?
Is there any violation of Terms? if yes,
- What is the alternative I can suggest to the client to achieve this requirement?
NB: I cannot make another instance of the application to host for the client as my services are under SaaS model.
Thanks,
Shenulal
Yes this should be possible, just send the customer's key with your Places API requests, and make sure they whitelist your domain in their key restrictions.
I can’t seem to use they API key I generated when running the android emulators. The very first app I made with any API key I generated works but anytime I make a new app and plug in the API key it doesn’t work. It says it’s having trouble with google play services. Anyone know how to fix this?
It seems that the API key is restricted to your first app where you used the API key, I would suggest that you use new API key for each app that you make as this will also help you track your usage for each app that you make.
You may also see the API key best practices to help you in restricting your API key to avoid unexpected usage.
On some domains Google Maps returns instead of image this error message: The Google Maps Platform server rejected your request. You must use an API key to authenticate each request to Google Maps Platform APIs. For additional information, please refer to http://g.co/dev/maps-no-account
Domains where it does not work:
http://en.aston-martin-club.com/test_mapa.php
http://en.ktm-club.cz/test_mapa.php
Domains where it works:
http://en.renault-club.cz/test_mapa.php
http://en.lada-club.eu/test_mapa.php
The image I display on web is from http://maps.googleapis.com/maps/api/staticmap URL. It is Google Maps Stati API https://developers.google.com/maps/documentation/maps-static/intro
Why on some domains it works and some not? If it wil not work for any domain, then I think I need to add "key=YOUR_API_KEY" parameter.
I spent many hours trying to find out the reason, but did not succeeded. Any help is very welcome.
In the past (and this is probably still the case), domains that were using the API before keys became required were "grandfathered" with keyless access (they will work without a key).
Keys are now required, so regardless whether the domains "work" without keys or not, it is best to add a valid key to the request.
The things that determine whether or not the domains are "grandfathered" to keyless access are:
When the domain was created
When the domain started using the Google Maps APIs
Google rejects all the requests for static images that does not include api key in URL.
I don't know Google's threshold, but en.aston-martin-club.com is blocked by Google obviously. You must include api key in URL at least.
I've found nice jekyll template:
https://github.com/volny/stylish-portfolio-jekyll
It tries to present a google map and it needs google map api key which it expects to be stored in _config.yml:
# API settings
google_api_key:
It seems not the safest way to store the key as anybody can see it and use.
How to safely store google maps api key in public repo for github pages?
The short answer is: You can't.
By design, the Google Maps Embed API expects you to include the API Key in the URL where you request your map (as you can observe looking at the source code of the template your mentioned)
That means your API key will be always be visible in the resulting HTML file rendered in the browser.
Only Google can try to prevent other people from using your API Key (by checking the URL of the site where the map being served, for example). There's nothing you can do.
All that Google can do is to make it harder for someone to reuse the API key. They cannot really prevent it in a reliable way. It is just the nature of how the web works. People visiting your site will be the ones requesting the maps - so you can't, for example, restrict the IP address of who can call the API unless you know exactly who those users are (which is just not possible if your site is a public website, which is your case).
Unfortunately, there's really not a safe way to store an api key in a public repo.
See Hide secret key in public repository for further discussion.
Ok, so I have a site that uses the google maps API, and I want to serve it from more domains. The fact that the API key is tied to a domain greatly hinders my efforts on this front.
Is there any solution more elegant than getting a key for every domain?
There is one way you can avoid using the API key completely - use the version 3 API.
The v3 API is still in 'beta' but it has the key (no pun intended) functionality that most people use for their maps and there are no keys required. Nor will there be in the future according to Google. If you can get by without features like draggable markers, then v3 will work well. I use it for my primary map page and have no problems with it.
You can set up a proxy. But obviously that will complicate your code, and it's your responsibility to make sure only your domains can access the proxy.