Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

JavaScript Build an Interactive Website Google Maps Integration Adding a Dynamic Map

carriebarnett
carriebarnett
16,732 Points

Google documentation on API keys, says that keys should not be made public for security. Index file is public? Explain?

On the Google Maps and API page documenation there is a sections about:

Secure your API key following these best practices

https://support.google.com/cloud/answer/6310037

So isn't the index file public? So I don't understand why it is okay to just put the key that we had to register personally out there where people can just see it?

I guess I am confused here. Can anyone explain this for me?

Thanks!

1 Answer

Nathan Wakefield
Nathan Wakefield
7,065 Points

I'm not sure how you're supposed to include it so that others can't see the API key. However, the way you can keep others from using it is this:

When you get your API key from the Google Maps Developers site, you can change a setting called 'Edit allowed referrers' which basically lets you whitelist certain domains to use your API key. So on a published web application, you would make sure your API key has only example.com in its allowed referrers, where example.com is your application's domain.

Hope this helped!