Here are some common patterns we see for API key management.
- 1 frontend
- 1 backend
- 1 for Android application
- 1 for iOS application
The frontend keys would be restricted by HTTP Referer to be usable on each application’s domain(s). The backend keys would be restricted by the external IP address(es) where your Java code is deployed.
Create one API key per environment. For example:
- 1 dev / sandbox
- 1 test / integration
- 1 staging / UAT
- 1 production
How should I restrict my API Key(s) to prevent unauthorized use?
What are best practices and patterns for managing usage and billing within Google Maps Platform?
Please sign in to leave a comment.