How to secure a Google Maps API key
Our Local SEO plugin allows you to add Google Maps API keys. To prevent quota theft, secure your API key following these best practices. There are two types of restrictions: application restrictions and API restrictions. In this article, we’ll explore both of these restrictions. If you need help setting up your key, check out our guide for generating and setting up a Google Maps API key first.
Table of contents
There are other options depending on your preferred URL format. Learn more here. If you are unsure as to what HTTP referrer to add, please contact your web host or server admin.
The Yoast Local SEO plugin uses the following APIs:
- Directions API (browser key)
- Timezone API (browser key)
- Geocoding API (server key)
How to remove Google Maps API restrictions
We highly recommend securing your API key to prevent others from using your quota. The downfall is that incorrect restrictions can cause the maps to fail. Temporarily removing the restrictions will help identify if the restrictions are causing unexpected behaviors.
- Go to Google API Console.
If prompted, log in.
- Select your site project.
- Click on the name of your API key.
- Select ‘None’ under the ‘Application restrictions’ section.
- Select ‘Don’t restrict key’ under ‘API restrictions’ section.
- Click ‘Save’.
Google says it may take up to 5 minutes for the settings to take effect.
After 5 minutes, start from your homepage and browse to where the map should appear. If the map appears, the restrictions were invalid. Please re-add the restrictions one option at a time to determine which restriction caused the map to not appear.