Skip Navigation

[Resolved] Google maps api validation – restriction error

This support ticket is created 4 years, 2 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 9:00 – 12:00 9:00 – 12:00 9:00 – 12:00 9:00 – 12:00 9:00 – 12:00 -
- 13:00 – 18:00 13:00 – 18:00 13:00 – 18:00 14:00 – 18:00 13:00 – 18:00 -

Supporter timezone: America/Jamaica (GMT-05:00)

Tagged: 

This topic contains 12 replies, has 2 voices.

Last updated by henrikB-3 4 years, 2 months ago.

Assisted by: Shane.

Author
Posts
#1802645
referrer.JPG

I have created an api key for google maps. I can validate the key only if it is not restricted. When I apply a domain restriction an error pops up in the general setting validation.

I have enclosed a picture of restricted referrer screen on google. Is there any problems with how I have done the referrer?

Regards Henrik

Ps. I have read this thread for a similar problem
https://toolset.com/forums/topic/google-maps-api-general-settings-javascript-api-error/

#1803499

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Henrik,

Thank you for getting in touch.

Usually this is a cause where Google is unable to verify with the site itself. It Actually isn't a Toolset issue per say.

However what you can do is to use the actual domain of your site rather than using a wildcard with *.mywebsite.com/*

Thanks,
Shane

#1804439

Hi Shane

Thanks for a quick answer. I have changed the referer to just "studentumea.se" but it still shows an error.

REQUEST_DENIED - API keys with referer restrictions cannot be used with this API.

Do you now where to contact Google support regarding this issue?

Regards Henrik

#1804801

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Henrik,

Google doesn't have a direct support channel link, I will see how best I can assist you here.

Can you try the API with this URL and let me know if it validates hidden link

Thanks,
Shane

#1805159

Hi again
Same problem. I tried to take away the three restricted api:s so the key can call any api from hidden link but no luck there either.

#1806075

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Henrik,

Thanks for the update on this one.

Unfortunately if the restriction is not working then my recommendation is to use the key unrestricted.

Given that its failing to validate the URL on Google's end then the issue is on how google is validating the domains.

If it was an issue with our API communicating with google then the non-restricted key wouldn't work either.

Other than this the only other suggestion I can make is to retry using the URL with the wildcard and give it some time to see if the validation works.

Thanks,
Shane

#1807959

Hi again Shane
It is a pity that you can only use google maps with an unrestricted api key. If a hacker attack occurs or the key will somehow get into the hands of evil people, they can use it on their sites (with my credit card!).

It feels like it is not only me who has this problem.
It would be nice if Toolset the company can contact Google to see if there is a solution to this problem.

Thanks again for your help.

Regards Henrik

#1809047

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Henrik,

Sorry I couldn't provide better assistance with this one but we can't do much if your URL doesn't validate with the restricted API.

Perhaps what you can do is to contact your host and ask them to see how best they can assist you with this. Perhaps they will know the correct URL to use.

Thanks,
Shane

#1809879

Hi again

I think I have resolved the problem.

I found a forum thread about the api error on www

I did this solution and it worked.

hidden link

But how does the toolset plugin work when a browser calls the api? When does it use browser side api key and when does it use the server side key?

regards Henrik

#1810427

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Henrik,

Thank you for sharing, however can you send me the exact format of the URL that you used that worked?

This is quite a common issue with users and its usually due to the URL that they are using.

To respond to your question about the secondary API, we have a response in our documentation below.

"If Google Maps API key is restricted by domain, that may not work for users with multiple domains or subdomains. To solve this, you can enter a second API key for Google Maps, in the Toolset settings. When added, this second key is used exclusively for server-side requests. This means it is never exposed in HTML and does not need restrictions. If you want extra security, you can restrict it, but only by IP addresses, not by domains."

Please let me know if this helps.
Thanks,
Shane

#1810849
server side api.JPG
visitor side api.JPG

Hi!

I have enclosed some pictures from google api console for you to look at, all the details are there.

I used hidden link as http referrer for the visitors api key. The server side api key is restricted by the three api:s that toolset needs.

Is the visitors api key (the first key you enter in toolset settings) exposed in html somewhere on the site?

/Henrik

#1811363

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Henrik,

Thank you for sharing the screenshots with me.

Yes the API key is loaded directly on the page in the header script tags for the google maps API call.

Thanks,
Shane

#1811913

Hi
That's good that the api key is restricted to domain name and the server-side api is only used internally and not exposed in any html code.

My issue is resolved now. Thank you!