谷歌地图javascript api-key（v3）需要保存在HTML中，保存在github中，如果是的话，如何？ [英] Does google maps javascript api-key (v3) need to be kept secret in HTML checked into github and if so, how?

问题描述

查看 Google Maps Javascript API v3的开发者指南，它首先解释关于如何获取API，然后显示在HTML页面的HEAD部分中包含该键的示例，例如

 < ;! DOCTYPE html> 
< html> 
< head> 
< meta name =viewportcontent =initial-scale = 1.0，user-scalable = no/> 
< style type =text / css> 
 html {height：100％} 
 body {height：100％;保证金：0; padding：0} 
 #map_canvas {height：100％} 
< / style> 
< script type =text / javascript
 src =http://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&sensor=SET_TO_TRUE_OR_FALSE> 
< / script> 
  

有没有必要保持这个密钥的秘密，因为它用于限速和类似？特别是我在考虑如果我把我的工作放到公有的地方，例如GitHub，我需要在提交之前删除我的API_KEY吗？

答案是在内部配置google API设置的关键是只有有效的，如果它的网页的关键是在从我控制的域名服务？

更新 - 正在使用：
http://maps.googleapis.com/maps/api/js?key = YOUR_API_KEY& sensor = SET_TO_TRUE_OR_FALSE 删除了api-key，似乎所有的工作都很好。对Google教程告诉我，我很困惑，虽然我需要使用它...

解决方案

V3不需要密钥，但使用密钥会带来一些好处。

首先请注意，此密钥与旧的V2密钥不同，它由API控制台（http://code.google.com/apis/co你可以用相同的方式传递它，加载JS时使用键参数。

一个关键包括控制台中的使用情况报告，以及如果您定期检查配额，Google会联系您的方式。您也可以通过控制台购买额外的配额。最后，如果您使用的是Places API，则需要键的使用。

您可以设置允许的引荐来源，以便您钥匙不能被他人使用。

Looking at the developers guide for the Google Maps Javascript API v3 it explains first about how to obtain an API, then shows examples of including that key in the HEAD section of an HTML page e.g.

<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="initial-scale=1.0, user-scalable=no" />
<style type="text/css">
  html { height: 100% }
  body { height: 100%; margin: 0; padding: 0 }
  #map_canvas { height: 100% }
</style>
<script type="text/javascript"
    src="http://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&sensor=SET_TO_TRUE_OR_FALSE">
</script>

Is there any need to keep this key secret, given it is used for rate-limiting and suchlike? In particular I'm thinking about if I put my work onto something public such as GitHub, do I need to remove my API_KEY before committing?

Is the answer in configuring within the google API settings that the key is only valid if it the webpage the key is within has been served from a domain name that I control?

UPDATE - was using: http://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&sensor=SET_TO_TRUE_OR_FALSE" from Google tutorial linked above. Removed the api-key and all seems to work fine. Am confused about the Google tutorial telling me I need to use it though...

解决方案

V3 doesn't require a key, but there are some benefits to using one.

Note first off that this key is different than the old V2 key. It's generated from the APIs console (http://code.google.com/apis/console). You pass it the same way, with a key parameter when loading the JS.

Benefits of having a key include usage reports in the console, and a way for Google to contact you if you're going over the quota regularly. You can also purchase additional quota through the console. Finally, if you're using the Places API, it requires the use of a key.

You can set allowed referrers, so that your key can't be used by others.

这篇关于谷歌地图javascript api-key（v3）需要保存在HTML中，保存在github中，如果是的话，如何？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！