[Resolved] Toolset Maps and Google Maps API restrictions

[Author]

Posts

[scottL-3]

Google has started sending notifications to API key owners when credentials are publicly exposed on sites and not sufficiently restricted. Toolset has always had this problem and it has, at times, cost me and my clients a fair amount of money in API usage fees when credentials get stolen and abused.

Is Toolset ever going to enhance Maps so that we can use http referrer restrictions on the front-end Google Maps API Key credentials?

[Minesh Supporter Languages: English (English ) Timezone: Asia/Kolkata (GMT+05:30)]

Hello. Thank you for contacting the Toolset support.

Dont you able to restrict the google map site key from your google map API settings page?

More info:
- hidden link

[scottL-3]

Hi Minesh, I know how to restrict Maps API keys. Toolset's documentation says that we cannot use http referrer restrictions. My question is whether that will ever change?

I have the browser keys restricted to javascript api and places api but I'd also like to restrict them to requests referred from the web server as I'm still seeing some abuse of the APIs with the restrictions that work with Toolset Maps and my clients are now getting emails from Google saying their API keys aren't well enough protected.

[Minesh Supporter Languages: English (English ) Timezone: Asia/Kolkata (GMT+05:30)]

Here is the related ticket where one of the user solved the issue about http referer:
- https://toolset.com/forums/topic/google-maps-api-validation-restriction-error/#post-1809879

Can you please try to follow that and check if that helps?

Update:
Another source that might help:
- https://stackoverflow.com/questions/35288250/google-maps-javascript-api-referernotallowedmaperror