Overview:
On June 11th 2018, Google started rolling out changes to their policy on API key usage and the fee structure associated with the key usage. Prior to June 2018, a key could be obtained and used without adding a payment method to the Google account that the API key was obtained from. A web request could also be made without an API key. As of June 11th, 2018 an API key must be sent with each request and as of July 16th, 2018, a payment method is required on the Google account. If an API key was obtained by an unauthorized third party, it could potentially be used on another site and incur illegitimate charges. Google provides a means to restrict your API key usage and avoid unauthorized use, the details are below.
Solution:
Please see the following link for the most up to date info on restricting API keys, directly from Google.
There are two key methods for restricting API key usage, HTTP referrer restrictions and using a digital signature inline with requests. Using a digital signature in a viewer is not ideal because the URL required to create the signature needs to be static. Because Street View can be launched from any location and the URL contains the latitude and longitude values of the location, the URL would not be static.
For an HTML5 viewer using Google Street View as a 3rd Party Map under Linked Maps, we recommend using the HTTP referrer restrictions as detailed on Google's documentation site (see link above). The HTTP URL that the viewer will be launched with can be added into the Google Cloud Platform Console and this would ensure that the key could not be used in an alternate site. When adding a URL to the allowed referrer field, using a wild card URL would be more forgiving and less likely to result in an unwanted rejection. For example *.geocortex.com would allow maps.geocortex.com as well as mynewmap.geocortex.com without a need to add or update the URL in the Google account.
In addition to the API HTTP referrer restrictions, usage quotas can be implemented. This would allow you to implement various types of usage limits to minimize any fees incurred should limit your risk. For details on pricing and implementing quotas, please refer to the official Google documentation.
The HTTP referrer restrictions work with dynamic requests, as used in the 3rd party maps, but not with static Street View requests, which are typically be used in a report. Adding a quota limit would help limit the risk of charges due to static image requests.
On June 11th 2018, Google started rolling out changes to their policy on API key usage and the fee structure associated with the key usage. Prior to June 2018, a key could be obtained and used without adding a payment method to the Google account that the API key was obtained from. A web request could also be made without an API key. As of June 11th, 2018 an API key must be sent with each request and as of July 16th, 2018, a payment method is required on the Google account. If an API key was obtained by an unauthorized third party, it could potentially be used on another site and incur illegitimate charges. Google provides a means to restrict your API key usage and avoid unauthorized use, the details are below.
Solution:
Please see the following link for the most up to date info on restricting API keys, directly from Google.
There are two key methods for restricting API key usage, HTTP referrer restrictions and using a digital signature inline with requests. Using a digital signature in a viewer is not ideal because the URL required to create the signature needs to be static. Because Street View can be launched from any location and the URL contains the latitude and longitude values of the location, the URL would not be static.
For an HTML5 viewer using Google Street View as a 3rd Party Map under Linked Maps, we recommend using the HTTP referrer restrictions as detailed on Google's documentation site (see link above). The HTTP URL that the viewer will be launched with can be added into the Google Cloud Platform Console and this would ensure that the key could not be used in an alternate site. When adding a URL to the allowed referrer field, using a wild card URL would be more forgiving and less likely to result in an unwanted rejection. For example *.geocortex.com would allow maps.geocortex.com as well as mynewmap.geocortex.com without a need to add or update the URL in the Google account.
In addition to the API HTTP referrer restrictions, usage quotas can be implemented. This would allow you to implement various types of usage limits to minimize any fees incurred should limit your risk. For details on pricing and implementing quotas, please refer to the official Google documentation.
The HTTP referrer restrictions work with dynamic requests, as used in the 3rd party maps, but not with static Street View requests, which are typically be used in a report. Adding a quota limit would help limit the risk of charges due to static image requests.
Comments
0 comments
Article is closed for comments.