Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

HTML Build an Interactive Website Google Maps Integration Adding Static Maps

Vittorio Somaschini
Vittorio Somaschini
33,371 Points

Is it ok to leave the APIkey visible?

Hello.

Just a quick question.

Is it ok to leave the APIkey visible in the src attribute of the img in the static maps?

Shouldn't we encrypt it somehow?

I am just wondering about this..

Ty

Vittorio

1 Answer

Kevin Korte
Kevin Korte
28,111 Points

It's really not a big deal, it'll actually work even without a key.

However, you can set an allowed referrer to your API key, basically limiting that your API key will only work from your domain. So if somebody stole your API key, they still couldn't use it because their domain would not be an allowed referrer.

Go down about half way on the below linked page, to the heading that states Limiting referrers and it explains how to do it, and some examples so you can match your requesting domain as a referrer.

https://developers.google.com/maps/documentation/business/places/auth

Hope that helps.