Google maps API key is exposed

[kanandam]

Hi there, I'm using this library for geocoding purpose in my react code, and the API key is exposed in the request under query params, is there a way to encrypt or hide it in the request?

TIA...

[ziyaddin]

Hi, it's impossible and it has been a known issue for a long time. Community recommends to create and use a separate API key for each type of operations (e.g. one for geocoding, one for map rendering, etc.) to at least decrease the negative impact of only one key being abused with all types of operations by a malicious user.

[kanandam]

Hey @ziyaddin , I've been using this other library for google maps component, it uses some methods to create a security layer for the request api, just letting you know if it can help. https://github.com/JustFly1984/react-google-maps-api/tree/master/packages/react-google-maps-api

cheers...

[Aupire]

Hi there, I'm using this library for geocoding purpose in my react code, and the API key is exposed in the request under query params, is there a way to encrypt or hide it in the request?

TIA...

Hi, It's not a problem to expose your api, you simply just restrict your apis from ip address or url website ... https://cloud.google.com/api-keys/docs/add-restrictions-api-keys

[kanandam]

@Aupire yes, I'm aware of restricting the API, but we don't have the access to the GCP to restrict, it's with client.