Here are some common patterns we see for API key management.
Frontend/Backend/Mobile
Frontend websites load the JavaScript API. Backend calls one or more Maps APIs. Android and iOS native mobile applications uses Maps and Places SDKs. For each application, create separate API Keys:
- 1 frontend
- 1 backend
- 1 for Android application
- 1 for iOS application
The frontend keys would be restricted by HTTP Referer to be usable on each application’s domain(s). The backend keys would be restricted by the external IP address(es) where your Java code is deployed.
Environment
Create one API key per environment. For example:
- 1 dev / sandbox
- 1 test / integration
- 1 staging / UAT
- 1 production
References
How should I restrict my API Key(s) to prevent unauthorized use?
What are best practices and patterns for managing usage and billing within Google Maps Platform?
Comments
0 comments
Please sign in to leave a comment.