Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

HTML Build an Interactive Website Google Maps Integration Adding Static Maps

Vittorio Somaschini
Vittorio Somaschini
33,371 Points
Posted by Vittorio Somaschini
Vittorio Somaschini
33,371 Points

Is it ok to leave the APIkey visible?

Hello.

Just a quick question.

Is it ok to leave the APIkey visible in the src attribute of the img in the static maps?

Shouldn't we encrypt it somehow?

I am just wondering about this..

Ty

Vittorio

1 Answer

Kevin Korte
Kevin Korte
28,148 Points
Kevin Korte
Kevin Korte
28,148 Points

It's really not a big deal, it'll actually work even without a key.

However, you can set an allowed referrer to your API key, basically limiting that your API key will only work from your domain. So if somebody stole your API key, they still couldn't use it because their domain would not be an allowed referrer.

Go down about half way on the below linked page, to the heading that states Limiting referrers and it explains how to do it, and some examples so you can match your requesting domain as a referrer.

https://developers.google.com/maps/documentation/business/places/auth

Hope that helps.