Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.Start your free trial
Google documentation on API keys, says that keys should not be made public for security. Index file is public? Explain?
On the Google Maps and API page documenation there is a sections about:
Secure your API key following these best practices
So isn't the index file public? So I don't understand why it is okay to just put the key that we had to register personally out there where people can just see it?
I guess I am confused here. Can anyone explain this for me?
Nathan Wakefield7,065 Points
I'm not sure how you're supposed to include it so that others can't see the API key. However, the way you can keep others from using it is this:
When you get your API key from the Google Maps Developers site, you can change a setting called 'Edit allowed referrers' which basically lets you whitelist certain domains to use your API key. So on a published web application, you would make sure your API key has only
example.com in its allowed referrers, where example.com is your application's domain.
Hope this helped!