Generate Image URL from image reference using Google places API without revealing API key

0
votes

I am using Google places Web Service API for my Android Application. There is a reason for not using the Android SDK, so please dont suggest on using the SDK

The Problem:

I am able to retrieve the image as per the documentation

https://developers.google.com/places/web-service/photos

This is how I get the image:

https://maps.googleapis.com/maps/api/place/photo?maxwidth=400&photoreference=CnRtAAAATLZNl354RwP_9UKbQ_5Psy40texXePv4oAlgP4qNEkdIrkyse7rPXYGd9D_Uj1rVsQdWT4oRz4QrYAJNpFX7rzqqMlZw2h2E2y5IKMUZ7ouD_SlcHxYq1yL4KbKUv3qtWgTK0A6QbGh87GB3sscrHRIQiG2RrmU_jF4tENr9wGS_YxoUSSDrYjWmrNfeEHSGSc3FyhNLlBU&key=YOUR_API_KEY

But, my API key is exposed during the request. Anybody could use it and it can affect my quotas and Billing. How can I get the image without exposing my API Key?

1
androidapigoogle-places-api
You can limit the scope of using an API Key through developer console.Kartik Ohri
Can u elaborate on what you said? dint get itAbhinav
The answer below has already elaborated it- @abhinavKartik Ohri

1 Answers

1
votes

Good Day.

Google provides a generic best practice for the API Key creation and this should be followed for securing the API Keys while generating it.

This best practice can be adhered while with dealing with Google products such as Google Maps API, Google Places API and so on.

Best Practice for securing the API Key

With regards to Google Places API, please go through the below image which is the snapshot of official document conveys how to secure the API Key.

While creating your key in the Google API Console, please ensure that you followed the instruction of the set up credentials wizard completely because it conveys how to secure the key, as well as prompt you for URLs you wish to authenticate/secure.

Reference Link: https://developers.google.com/places/web-service/get-api-key

enter image description here