Here are some common patterns we see for API key management.
Frontend/Backend
Frontend websites load the JavaScript API. Backend calls one or more Maps APIs. For each application, create 2 API Keys:
- 1 frontend
- 1 backend
The frontend keys would be restricted by HTTP Referer to be usable on each application’s domain(s). The backend keys would be restricted by the external IP address(es) where your Java code is deployed.
Environment
Create one API key per environment. For example:
- 1 dev / sandbox
- 1 test / integration
- 1 staging / UAT
- 1 production
References
How should I restrict my API Key(s) to prevent unauthorized use?
What are best practices and patterns for managing usage and billing within Google Maps Platform?
Comments
0 comments
Please sign in to leave a comment.