An API key is a simple encrypted string that you can use when callingGoogle Cloud APIs. A typical use of an API key is to pass the key into a RESTAPI call as a query parameter with the following format:
http://example-library.googleapis.com/v1/publishers/mypublisher/books?key=API_KEY
API keys are useful for accessing public data anonymously, and are used toassociate API requests with the consumer Google Cloud project forquota and billing.
API Keys provides you a programmatic interface to create and manage APIkeys for your project. It provides you more control over API keysthan the API key-related tasks that you can doin the Google Cloud console.
To learn more about authenticating to Google Cloud APIs and to determinethe best authentication strategy for common scenarios, seeAuthentication overview. To learn more about usingAPI keys for Google Maps Platform APIs and SDKs, see the Google Maps Platformdocumentation.
Securing an API key
When you use API keys in your applications, ensure that they are kept secureduring both storage and transmission. Publicly exposing your credentials canresult in your account being compromised, which could lead to unexpected chargeson your account. To help keep your API keys secure, follow these best practices:
Do not embed API keys directly in code. API keys that are embedded in codecan be accidentally exposed to the public. For example, you may forget toremove the keys from code that you share. Instead of embedding your API keysin your applications, store them in environment variables or in files outsideof your application's source tree.
Add restrictions on the API key.By adding restrictions, you can reduce the impact of a compromised API key.
Delete unneeded API keys to minimize exposure to attacks.
Rotate your API keys periodically. To rotate your API keys, callthe
CreateKey
method. Afterthe replacement keys are created, update your applications to use thenewly-generated keys and delete the old keys.Review your code before publicly releasing it. Ensure that your code does notcontain API keys or any other private information before you make your codepublicly available.
What's next
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-10 UTC.
[{ "type": "thumb-down", "id": "hardToUnderstand", "label":"Hard to understand" },{ "type": "thumb-down", "id": "incorrectInformationOrSampleCode", "label":"Incorrect information or sample code" },{ "type": "thumb-down", "id": "missingTheInformationSamplesINeed", "label":"Missing the information/samples I need" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }]