Looking at the developers guide for the Google Maps Javascript API v3 it explains first about how to obtain an API, then shows examples of including that key in the HEAD section of an HTML page e.g.
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="initial-scale=1.0, user-scalable=no" />
<style type="text/css">
html { height: 100% }
body { height: 100%; margin: 0; padding: 0 }
#map_canvas { height: 100% }
</style>
<script type="text/javascript"
src="http://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&sensor=SET_TO_TRUE_OR_FALSE">
</script>
Is there any need to keep this key secret, given it is used for rate-limiting and suchlike? In particular I’m thinking about if I put my work onto something public such as GitHub, do I need to remove my API_KEY before committing?
Is the answer in configuring within the google API settings that the key is only valid if it the webpage the key is within has been served from a domain name that I control?
UPDATE – was using:
http://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&sensor=SET_TO_TRUE_OR_FALSE” from Google tutorial linked above. Removed the api-key and all seems to work fine. Am confused about the Google tutorial telling me I need to use it though…
V3 doesn’t require a key, but there are some benefits to using one.
Note first off that this key is different than the old V2 key. It’s generated from the APIs console (http://code.google.com/apis/console). You pass it the same way, with a
keyparameter when loading the JS.Benefits of having a key include usage reports in the console, and a way for Google to contact you if you’re going over the quota regularly. You can also purchase additional quota through the console. Finally, if you’re using the Places API, it requires the use of a key.
You can set allowed referrers, so that your key can’t be used by others.