Tell us what you are trying to do?
I want to make sure I have the correct restrictions on my 2 API keys.
Is there any documentation that you are following?
No.
What is the link to your site?
Amii.org.uk
Google have told me that my bill is high because duplicate queries are happening.
My first key:
Is restricted to http referrers, with no API restrictions
My second key:
Is not restricted to http referrers, and has no API restrictions
Should one of them be restricted to 'Maps JavaScript API' and the other to 'Geocoding API' and 'Places API'?
I am worried that when a user does a map search on the site, it is requesting the Geocoding API, Maps JavaScript API and Places API twice because neither key has API restrictions.
Hello. Thank you for contacting the Toolset support.
Please check our Doc:
=> https://toolset.com/course-lesson/creating-a-maps-api-key
If Google Maps API key is restricted by domain, that may not work for users with multiple domains or subdomains. To solve this, you can enter a second API key for Google Maps, in the Toolset settings. When added, this second key is used exclusively for server-side requests. This means it is never exposed in HTML and does not need restrictions. If you want extra security, you can restrict it, but only by IP addresses, not by domains.
I suggest you should add server-side API key, again it should be unrestricted key but when you register server-side key it will never expose to users.
Thanks Minesh, but I already have a 2nd key. My question is...
Do I have the correct restrictions on my 2 API keys?:
My first key:
Is restricted to http referrers, with no API restrictions
My second key:
Is not restricted to http referrers, and has no API restrictions
Should one of them be restricted to 'Maps JavaScript API' and the other to 'Geocoding API' and 'Places API'?
Google have told me that my bill is high because duplicate queries are happening. So I am worried that when a user does a map search on the site, it is requesting the Geocoding API, Maps JavaScript API and Places API twice, because neither key has API restrictions.
I'm not sure why it's calling two calls, it should be one.
The Places API offers an autocomplete feature which you can use to give your applications the autocomplete search (address search) of the Google Maps search field.
So, if you have address search field, then Places API is required.
As stated with our Docs:
If you want extra security, you can restrict it, but only by IP addresses, not by domains.
However - you should check first why it makes two API call. Do you use any plugin or theme that uses google map API. So you may add a checkpoint and see from where and on what request it calls two API requests.
