1

I'm making a web-app where I need to make a request to the Google Places API, this is all good but I also need to make a request to the Places Photo API to display the images of the stuff I find using the places API. To do this, you need to make a request like this:

https://maps.googleapis.com/maps/api/place/photo?parameters

Where one of mandatory parameters is your API Key. I'm using Django and I'm passing a dictionary that has all the info I need to display. However, in the frontend you can see the API Key in the URL of the image. Is there any way I can avoid that?

Thank you so much!

evan
  • 5,443
  • 2
  • 11
  • 20
Dingo
  • 93
  • 1
  • 9

2 Answers2

1

You cannot avoid using an API key. All calls to the Maps APIs need to pass an API key to be able to work.

However, you can secure your API keys with restrictions. You may follow these instructions to restrict your API key for Place Photos use.

Hope this answers your concern.

evan
  • 5,443
  • 2
  • 11
  • 20
  • I see. Thank you, I was really trying to wrap my head around solving that one, but it seems that's the only option I have. – Dingo Aug 05 '19 at 09:27
  • Sure thing! Rest assured that restricted API keys are secure; any calls to the Maps APIs that use restricted API keys will be blocked unless their origin has been white-listed in your key's restrictions. – evan Aug 06 '19 at 19:10
0

The Places API is a server API and can not be restricted by referrer. If you try then you get a 403 response to every request. You can't use it client side with an IP restriction, so the only restriction available is to limit it to the places API. This is not ideal since some of the places API calls are chargeable.

Nick Sugden
  • 1
  • 1