I recently received an email from Google alerting me that I'm using an unrestricted API key for Google Maps. I'm a bit confused about what this means. If I put the Google API key in my environment variables, isn't it still visible in the HTML? How can I keep it hidden from being displayed on the client side?
1 Answer
You really should head over to the Google Cloud console and restrict your API key based on how you plan to use it. If someone else gets a hold of your key, you could end up paying for their usage, and that wouldn't be fun! Check out some guides or videos for the step-by-step process.
Gotcha! I think I'm using the same key for my website, a React Native app, and my API server. Should I create different keys for each? Can they be restricted for all three uses?