Google API keys - What is server key and browser key

user2591141 · Jul 18, 2013 · Viewed 61.6k times

I am using Google Maps in my app, and use the URL in the following format, without the API key value:

<script type="text/javascript"
      src="https://maps.googleapis.com/maps/api/js?sensor=SET_TO_TRUE_OR_FALSE">
</script>

Now I need to use the API key to track the requests. According to the examples, I need to add another query string parameter for the API key:

<script type="text/javascript"
      src="https://maps.googleapis.com/maps/api/js?key=API_KEY&sensor=SET_TO_TRUE_OR_FALSE">
</script>

But I received 2 keys, one for servers (IP address restrictions) and one for browser apps (domain-level restrictions), as follows:

Server Key: XXXX
Browser Key: YYYYY

Which key should I use in my app? Should I use both of them? I could not find a good article on this.

Answer

user · Nov 25, 2015

This is relevant again now that Google just recently deprecated Browser Keys for its Web Services APIs.

Here are the current definitions:

Server keys

Create and use a server key if your application runs on a server. Do not use this key outside of your server code. For example, do not embed it in a web page. To prevent quota theft, restrict your key so that requests are only allowed from your servers' source IP addresses.

Browser keys

Create and use a browser key if your application runs on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains you administer.

(from https://developers.google.com/console/help/new/)
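
A deployment check for the rule quoted above that a server key must not be embedded in a web page, given as an added example that is not part of the original answer or of Google's documentation. The key values, page names and the `SERVER_ONLY_KEYS` set are constructed placeholders; a real check would load the server keys from wherever they are stored and read the pages from the build output.

```javascript
// Added example. All keys and pages below are constructed placeholders.
const SERVER_ONLY_KEYS = new Set(["SERVER_KEY_PLACEHOLDER"]);

const SAMPLE_PAGES = {
  "map.html": '<script type="text/javascript"\n  src="https://maps.googleapis.com/maps/api/js?sensor=false&amp;key=BROWSER_KEY_PLACEHOLDER"></script>',
  "leaky.html": "<script src='https://maps.googleapis.com/maps/api/js?sensor=false&key=SERVER_KEY_PLACEHOLDER'></script>",
  "plain.html": '<script src="/static/app.js"></script>',
};

// Collect every src/href value that resolves to a googleapis.com host.
function googleApiUrls(html) {
  const urls = [];
  const attr = /\b(?:src|href)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  for (const m of html.matchAll(attr)) {
    // Attribute values may encode "&" as "&amp;"; decode before URL parsing.
    const raw = (m[1] ?? m[2]).replace(/&amp;/gi, "&").trim();
    let url;
    try {
      url = new URL(raw, "https://placeholder.invalid/"); // base for relative URLs
    } catch {
      continue; // unparseable value, nothing to audit
    }
    const host = url.hostname;
    if (host === "googleapis.com" || host.endsWith(".googleapis.com")) urls.push(url);
  }
  return urls;
}

// One finding per embedded key; serverKeyExposed marks a server key in page markup.
function auditSite(pages) {
  const findings = [];
  for (const [page, html] of Object.entries(pages)) {
    for (const url of googleApiUrls(html)) {
      for (const key of url.searchParams.getAll("key")) {
        findings.push({
          page,
          endpoint: url.hostname + url.pathname,
          key,
          serverKeyExposed: SERVER_ONLY_KEYS.has(key),
        });
      }
    }
  }
  return findings;
}

const exposed = auditSite(SAMPLE_PAGES).filter((f) => f.serverKeyExposed);
console.log(exposed.map((f) => `${f.page}: server key sent to ${f.endpoint}`));
```

Run as a build or CI step, a non-empty `exposed` list means a server key has reached page markup and should be rotated and replaced with a referrer-restricted browser key.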