Google Maps Platform products are secured from unauthorized use by restricting API calls to those that provide proper authentication credentials. These credentials are in the form of an API key - a unique alphanumeric string that associates your Google billing account with your project, and with the specific API or SDK.
This guide shows how to create, restrict, and use your API Key for Google Maps Platform.
Before you begin
Before you start using the Maps JavaScript API, you need a project with a billing account and the Maps JavaScript API enabled. To learn more, see Set up in Cloud console.
Create API keys
The API key is a unique identifier that authenticates requests associated with your project for usage and billing purposes. You must have at least one API key associated with your project.
To create an API key:
Console
-
Go to the Google Maps Platform > Credentials page.
-
On the Credentials page, click Create credentials > API key.
The API key created dialog displays your newly created API key. -
Click Close.
The new API key is listed on the Credentials page under API keys.
(Remember to restrict the API key before using it in production.)
Cloud SDK
gcloud alpha services api-keys create \ --project "PROJECT" \ --display-name "DISPLAY_NAME"
Read more about the Google Cloud SDK , Cloud SDK installation , and the following commands:
Restrict API keys
Google strongly recommends that you restrict your API keys by limiting their usage to those only APIs needed for your application. Restricting API keys adds security to your application by protecting it from unwarranted requests. You are financially responsible for charges caused by abuse of unrestricted API keys. For more information, see API security best practices.
To restrict an API key:
Console
-
Go to the Google Maps Platform > Credentials page.
- Select the API key that you want to set a restriction on. The API key property page appears.
- Under Key restrictions, set the following restrictions:
- Application restrictions:
- To accept requests from the list of websites that you supply, select HTTP referers (web sites) from the list of Application restrictions.
- Specify one or more referrer websites. You can use wildcard
characters to authorize all subdomains (for example,
https://*.google.com
accepts all sites ending in.google.com
when accessed over HTTPS). Note that if you specify www.domain.com, it acts as a wildcard www.domain.com/*, and authorizes any subpath on that hostname. Specifyhttps://
andhttp://
referrer schemes as-is. For other URL protocols, you must use a special representation. For example, formatfile:///path/to/
as__file_url__//path/to/*
. After enabling websites, be sure to monitor your usage, to make sure it matches your expectations. The following protocols are supported:about://
,app://
,applewebdata://
,asset://
,chrome://
,content://
,file://
,ftp://
,ionic://
,local://
,ms-appx://
,ms-appx-web://
,ms-local-stream://
,prism://
,qrc://
,res://
,saphtmlp://
. - API restrictions:
- Click Restrict key.
- Select Maps JavaScript API from Select APIs dropdown. If the Maps JavaScript API is not listed, you need to enable it.
- If your project uses Places Library, also select Places API. Similarly, if your project uses other services in the JavaScript API (Directions Service, Distance Matrix Service, Elevation Service, and/or Geocoding Service), you must also enable and select the corresponding API in this list.
- To finalize your changes, click Save.
Cloud SDK
List existing keys.
gcloud services api-keys list --project="PROJECT"
Clear existing restrictions on existing key.
gcloud alpha services api-keys update "projects/PROJECT/keys/KEY_ID" \ --clear-restrictions
Set new restrictions on existing key.
gcloud alpha services api-keys update projects/PROJECT/locations/global/keys/KEY_ID \ --api-target=service=maps-backend.googleapis.com --allowed-referrers="referer"
Read more about the Google Cloud SDK , Cloud SDK installation , and the following commands:
Add the API key to your request
You must include an API key with every Maps JavaScript API request.
In the following example, replace YOUR_API_KEY
with your
API key.
<script> (g=>{var h,a,k,p="The Google Maps JavaScript API",c="google",l="importLibrary",q="__ib__",m=document,b=window;b=b[c]||(b[c]={});var d=b.maps||(b.maps={}),r=new Set,e=new URLSearchParams,u=()=>h||(h=new Promise(async(f,n)=>{await (a=m.createElement("script"));e.set("libraries",[...r]+"");for(k in g)e.set(k.replace(/[A-Z]/g,t=>"_"+t[0].toLowerCase()),g[k]);e.set("callback",c+".maps."+q);a.src=`https://maps.${c}apis.com/maps/api/js?`+e;d[q]=f;a.onerror=()=>h=n(Error(p+" could not load."));a.nonce=m.querySelector("script[nonce]")?.nonce||"";m.head.append(a)}));d[l]?console.warn(p+" only loads once. Ignoring:",g):d[l]=(f,...n)=>r.add(f)&&u().then(()=>d[l](f,...n))})({ key: "YOUR_API_KEY", v: "weekly", // Use the 'v' parameter to indicate the version to use (weekly, beta, alpha, etc.). // Add other bootstrap parameters as needed, using camel case. }); </script>