API keys are credentials, and like passwords, they should be protected and managed carefully. Publicly exposing unsecured Google Maps Platform credentials can result in unintended use, which could lead to unexpected charges on your account.
Below we’ll show you how to restrict the use of the API keys to your checkout page to ensure the full functionality of the API key and the security of your API credentials. See Google’s API Key Best Practices to learn more.
Edit your API key and make the following changes:
- Select HTTP referrers (websites) in Application restrictions
- Enter the URL for your checkout page in the Website Restrictions section
- Choose Restrict key under API restrictions
- Add Places API and Maps JavaScript API in Select APIs dropdown.