0

I have some code that shows an image of a location like:

    <img alt="Gym" src="https://maps.googleapis.com/maps/api/streetview?location=43.035419,-89.380748&size=456x456&**key=<api key>**"/>

The problem is that the is now exposed to the public. Google Maps has a component that essentially hides the key (at least the way I understand it). Is there something similar for this "streetview" API?

Kevin Burton
  • 2,032
  • 4
  • 26
  • 43
  • 1
    Isn't that key locked to your site anyway? – tadman Aug 17 '20 at 20:25
  • Everything in the client-side technically aren't private. So if I'm not wrong, the only way you can hide the API Key is on the server-side, using some sort of proxy way. – Francisco Aug 17 '20 at 20:30
  • 1
    You should protect your API key as described in the https://developers.google.com/maps/api-key-best-practices – xomena Aug 17 '20 at 20:47
  • Hello i have answered at this post you can check it out : [https://stackoverflow.com/a/70681970/16742294](https://stackoverflow.com/a/70681970/16742294) – Med Chouiref Jan 12 '22 at 13:02

1 Answers1

0

The developers.google guide lines suggest you to restrict the keys so they can only be used inside you website (preferably it should be allowed just for a single page not the entire website), use a different key for each website, and monitor for any anomalies in key usage.

But if are really want to obfuscate the key you can write it inside your code using a simple Cesar Cipher and translating it before sending it to Google, at the end this is a terrible security feature and will only protect you against basic bots.

https://developers.google.com/maps/api-key-best-practices

Victor Thadeu
  • 89
  • 1
  • 7