0

I'm working on some app which should use Google Maps JS API (browser version). And there exists one problem I've got very concerned about. API keys have restriction to be used only from your domain, however, any request from your domain (for example, from code inspector) is considered a valid request. So, anyone can make a simple script and kick my quota out easily. So, here is my question:

Is there any option or command to run to block such activity ? Like the script will load just one instance and then will not accept creation of a new one or something like that.

P.S. I know about free quota for mobile versions of API, but I need the browser to work too. Obviously, I don't load this in any public area, but anyone can pretend to be a client and even order some service for couple bucks, but then run the script to make an impact for thousands ((

NickolaS
  • 114
  • 5
  • Does this answer your question? [What steps should I take to protect my Google Maps API Key?](https://stackoverflow.com/questions/1364858/what-steps-should-i-take-to-protect-my-google-maps-api-key) – Pedro Pinheiro Jul 19 '20 at 04:40
  • not at all. Problem is not to keep the key secure. Problem is that there is no way to limit created instances. The maximum you can get - is to protect the key by URL, but from that URL you or anyone else can run as many instances as they wish. And that may kill any quota easily – NickolaS Jul 19 '20 at 23:13

0 Answers0