使用Google地图js API时是否需要隐藏API密钥?如果是这样,怎么样? [英] Do I need to hide API key when using google maps js API? If so, how?
问题描述
根据 https://developers.google.com/maps/documentation/ javascript / tutorial#HTML5 ,
,似乎我可以将以下标记添加到我的html并开始使用maps js API。
< script async defer
src =https://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&callback=initMap>
< / script>
但是这会显示我的API密钥。
<在google上搜索并在stackoverflow上浏览答案后,我觉得可能没有必要隐藏这个API密钥。我只需要在google上创建API密钥时设置引用者,如
中所述。 https://stackoverflow.com / a / 2256312/1316649
因此,即使其他人知道我的API密钥,他们也无法从其他域使用它。我对吗?
但谷歌表示您不应该在代码中嵌入API密钥:
https://support.google.com/cloud/answer/6310037
使用Google地图js API时,我需要隐藏API密钥?如果是这样,怎么样?
更新:通过'API key',我的意思是浏览器API key。
Google地图有多种类型的API密钥。有一些浏览器密钥,在嵌入客户端库时会用到,并且可以向人们展示(您需要在客户端使用它,所以您无法避免这种情况)。然后有用于诸如地理编码服务的服务器端密钥。这些应该是保密的。
只要确定您使用的是浏览器键即可。
According to https://developers.google.com/maps/documentation/javascript/tutorial#HTML5 , it seems I can add the following tag to my html and start using maps js API.
<script async defer
src="https://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&callback=initMap">
</script>
But this will reveal my API key.
After searching on google and browsing answers on stackoverflow, I feel that maybe there is no need to hide this API key. I just need to set the referer when I create the API key on google, as explained in https://stackoverflow.com/a/2256312/1316649
So, even others know my API key, they cannot use it from another domain. Am I right?
But google says you shouldn't embed API key in code: https://support.google.com/cloud/answer/6310037
So, do I need to hide API key when using google maps js API? If so, how?
Update: By 'API key', I meant browser API key.
There are multiple types of API keys for Google Maps. There's browser keys, which are to be used when embedding the client side libraries, and that's OK to reveal to people (you need to use it on the client side so you can't avoid that anyway). Then there's server-side keys which are used for things such as geocoding services. Those are supposed to be kept secret.
Just make sure you're using a browser key.
这篇关于使用Google地图js API时是否需要隐藏API密钥?如果是这样,怎么样?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
