Saturday, 16 November 2019

How to protect Google Maps API key on Ionic app?

I have Ionic PWA app published for Android and iOS (I used Capacitor to generate the native build). In the frontend code, it has my Google Maps API key, however, I can't restrict it to any of the options google offers because...

  1. HTTP referrers - It's not on a public domain name, it's on a local host within the webview of the native app. http://localhost/ for Android and capacitor://localhost/ for iOS. It does not seem very secure to use these as restrictions as they are very generic, and all other apps will have the same ones.

  2. IP addresses - For obvious reasons.

  3. Android Apps - It's not within the native code, it's within a webview.
  4. iOS Apps - It's not within the native code, it's within a webview.

    enter image description here

None of these options can work for my situation. So how can I protect my API key from abuse?

Any ideas? I can't be the only the one using Google Maps API within an Ionic app.



from How to protect Google Maps API key on Ionic app?

No comments:

Post a Comment