Secure your Google Maps Platform usage by applying automated API key restrictions [286524779]

Assigned

Process

Status Update

No update yet.

Description

vi...@google.com

created issue #1

Jun 9, 2023 12:57PM

What is happening?

We are reaching out to several customers to help them secure their Google Maps Platform service usage. We have generated automatic restriction recommendations for API keys, based on their actual Google Maps Platform API usage over the last 60 days.

You will find these recommendations in the Google Cloud Console by navigating to Google Maps Platform > Credentials, where you will see a link to APPLY RECOMMENDED RESTRICTIONS for some API keys.

Note: After you apply a restriction recommendation, only the apps, websites and APIs you have authorized will be able to use the key.

For more information, please see the Google Maps Platform API security best practices, and especially its section Apply recommended API key restrictions.

What should I do to secure my API usage?

If you have received an email from the Google Maps Platform Support team, please read it through, and follow the links to the Google Cloud Console. For each listed project, you may see a number of automated recommendations for restricting your API keys.

To ensure everything goes smoothly, review each recommendation, and follow the provided instructions. Make sure to also click the CHECK API USAGE button to view the API key usage metrics before proceeding.

If you see usage from APIs that are not listed in the API restrictions, or see APIs, websites or applications that don't appear familiar, pause to read the instructions in the Apply recommended API key restrictions section of the Google Maps Platform API security best practices. The section contains further instruction for how to troubleshoot the situation.

Important: The recommendations only apply to Google Maps Platform APIs. If you also use a key with other Google services, the suggested restrictions will be incomplete, and will require thorough manual review.

If you notice inconsistencies in the automatically generated instructions, first see the linked troubleshooting steps, and if needed contact support.

What should I do if my application gets rejected after applying a recommendation?

If you notice that an app or website gets rejected after applying a restriction, look for the application restriction you need to add in the API response error message.

For client-side SDKs, see below:

Maps JavaScript API apps: see the browser debug console
Android apps: use Android Debug Bridge (adb) or Logcat
iOS apps: see Viewing Log Messages

To check your required API restrictions, see the Determine the APIs that use your API key section in the Google Maps Platform API security best practices.

If you are unable to determine which restrictions to apply:

Document the current restrictions for future reference
Then remove them temporarily while you investigate the issue.
If needed, contact support.

How do I stay informed?

If customers report issues, we will provide updates on this ticket, and will update the Google Maps Platform API security best practices when necessary. Star this ticket to receive automatic updates.

Comments

vi...@google.com <vi...@google.com> Sep 28, 2023 08:54AM

Marked as fixed.

vi...@google.com <vi...@google.com> #2Dec 13, 2024 05:57PM

Status: Assigned (reopened)

Dear developers, we will be running a new reach-out campaign in the near future to remind customers to secure their GMP API key credentials.

Also note that we have extended the automated API key restriction recommendations to include the Google Navigation SDK, and will continue adding new Google Maps Platform services to them over the coming months.

We will keep you posted!

Issue 286524779