[Resolved] Maps don’t work although API keys are correct

[Author]

Posts

[janV-8]

I am trying to: Set a map with multiple pins. We have a custom field for this and previously it worked just fine.

Link to a page where the issue can be seen: hidden link

I expected to see: The map with pins.

Instead, I got: Error, that the API key is wrong.

We tried to create new API key, set the restrictions only for IP address and in the Toolset settings it says that it's configured properly. But on the frontend it doesn't work and we have error in the console that says we need to allow our url address. It also says something about google.maps.Marker being deprecated and we thing that might be the problem.

We tried to deactivate all plugins except Toolset and still didn't work. We also tried to add basic Google Map to a post and it worked perfectly. We use GeneratePress theme, but according to this page it should be compatible - https://toolset.com/documentation/recommended-themes/using-toolset-with-generatepress-theme/.

Can you please take a look at it?

Best regards,
Petra
Softmedia

[Minesh]

Hello. Thank you for contacting the Toolset support.

I can see the following error on your browser's console:
=> hidden link

Can you please act accordingly and check if you have crated restricted map key then please try to create unrestricted Google Map API key.

[janV-8]

Hello. Honestly I am a little confused. I tried to create unrestricted Google Map API key previously and it didn't work. Now it works, but the problem is that I need to restrict my API key, so that no one can take advantage of it. Is there another IP address that only Toolset uses? The easiest solution would be of course to restrict it by url address but your plugin doesn't allow it, am I right?

[Minesh]

As you can see with our Doc - we offer 2nd Google Map API key that should be use for server side request.
- https://toolset.com/course-lesson/creating-a-maps-api-key/#creating-an-api-key-for-google-maps

What if you try to bind the server side API request to your domain/IP and check if that helps?

[janV-8]

Thanks. I added the non-restricted API key to the first field and the restricted one to the second field. So now it is safe to use it like that? No one can take advantage of the first non-restricted API key?

[Minesh]

I'm not sure in what term you say no one can take advantage of your untestricted API key. But I do not see any other user who raise such complains.

That is why we offer 2nd API key that should be used on server side that will make request to google while using address search etc.. and you can bind the 2nd API key with your domain/IP.

[janV-8]

I meant if the unprotected key can become target of unauthorized usage? We are just worried about charges from Google for that.

Can you please tell me one more thing? What is the first API key used for, when the second is for server side requests?

Thank you.

[Minesh]

Have you checked the following Doc:
=> https://toolset.com/course-lesson/creating-a-maps-api-key/#problems-with-displaying-markers-on-google-maps

If Google Maps API key is restricted by domain, that may not work for users with multiple domains or subdomains. To solve this, you can enter a second API key for Google Maps, in the Toolset settings. When added, this second key is used exclusively for server-side requests. This means it is never exposed in HTML and does not need restrictions. If you want extra security, you can restrict it, but only by IP addresses, not by domains.

I suggest you should add server-side API key, again it should be unrestricted key but when you register server-side key it will never expose to users.