DEV Community

sunflowerseed
sunflowerseed

Posted on

If you use a Google Map API Key, don't you need to put it in JavaScript and anybody can see it and use it too?

The Google Map API needs an account with billing to be able to try it. That mean we need to have an account with a credit card or with Google Play credit.

But once you try it on a website, doesn't it mean anybody can look at the JS source code and use that API key? How do you prevent your account from being charge for usage that wasn't yours?

Top comments (1)

Collapse
 
moritzruth profile image
Moritz Ruth

I think the API key is only valid for requests from a specified origin (= your domain).