Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

JavaScript Build an Interactive Website Google Maps Integration Adding a Dynamic Map

16,732 Points

Google documentation on API keys, says that keys should not be made public for security. Index file is public? Explain?

On the Google Maps and API page documenation there is a sections about:

Secure your API key following these best practices


So isn't the index file public? So I don't understand why it is okay to just put the key that we had to register personally out there where people can just see it?

I guess I am confused here. Can anyone explain this for me?


1 Answer

Nathan Wakefield
Nathan Wakefield
7,065 Points

I'm not sure how you're supposed to include it so that others can't see the API key. However, the way you can keep others from using it is this:

When you get your API key from the Google Maps Developers site, you can change a setting called 'Edit allowed referrers' which basically lets you whitelist certain domains to use your API key. So on a published web application, you would make sure your API key has only example.com in its allowed referrers, where example.com is your application's domain.

Hope this helped!