Hi there,
I am using Google Map API but any time I set up a restriction for the domain, the API is not working on the website.
I use the following restriction for the domain but it doesn't get accepted on Toolset.
*.vanmates.com/*
Is there any way to solve this issue?
Hi,
Thank you for contacting us and I'd be happy to assist.
Are you using this domain restriction for the primary key or the secondary key?
At WP Admin -> Toolset -> Settings -> Maps, you'll see that there are two fields to enter Google Map API keys.
When only the main/primary key is added, it is used for both the client-side and the server-side requests.
The key with domain restriction works for the client-side requests, but not for the server-side ones. To overcome this limitation, the second optional key field was introduced.
When you'll include a second optional key, that will be used for the server-side requests, allowing you to use a primary key with the domain restriction turned on.
If your hosting server has a static IP, you can optionally enable IP restrictions on the second key too, but it is not necessary, since this second key for the server-side requests is not publically exposed.
I hope this helps and let me know how it goes.
regards,
Waqar
So you recommend copying and pasting the API key to the second optional key section to be able to make it work with the domain restrictions? Am I correct?
If yes, I will try as you suggested.
> So you recommend copying and pasting the API key to the second optional key section to be able to make it work with the domain restrictions? Am I correct?
- It is slightly different and no you'll not have to copy/paste the same key in both fields.
1. For the main/primary field, you can add a key that has the domain restriction enabled.
( it will be used for client-side requests )
2. For the second field, you'll add a different key without any restriction, as that will be used for the server-side requests.
So at the end of the day, isn't it going to be the same thing to have a key without any restriction?
If anyone gets the key that is used server-side, they will be able to use that API freely. Please let me know if I am missing anything.
> So at the end of the day, isn't it going to be the same thing to have a key without any restriction?
> If anyone gets the key that is used server-side, they will be able to use that API freely.
- The second key that you'll add in the second field will be used only for server-side requests. This means that this key will not be publically exposed and no one will be able to find it out to misuse.
However, if you'd like to make this second key more secure too, you can add IP-based restriction to it.
( Your hosting server must be using a dedicated IP address, for this to work )
Thank you Waqar, the issue seemed to be solved!
