Connect your SeoToaster site Connect your WordPress site

Restrict Google API Key

Google provides some usage credits for the Maps Platform, but charges begin once those limits are exceeded. While the API key is securely stored in your website’s backend, it may not be restricted to specific websites.

This means that unauthorized third parties could potentially discover and use your key, leading to excessive usage of the free credits — and ultimately to unexpected charges on your Google Cloud account. Google clearly states that you’re responsible for any charges incurred from unrestricted API keys, including usage by unauthorized parties. Continued exposure could even result in account suspension.

What should you do?

To prevent this, you need to restrict your Google Maps Platform API key so that it can only be used by your authorized website(s). This is a simple process you can complete in the Google Cloud Console.

1. Log in to the Google Cloud Console

Go to console.cloud.google.com/ and sign in with the Google account associated with your Maps Platform project.

2. Navigate to Credentials

Click the menu icon (☰) at the top-left corner and go to APIs & Services → Credentials.

restrict api 1 go to menu.webp

3. Find your API key

On the Credentials page, locate the API key currently used on your website. If you received a direct email from Google, it might mention the specific key name.

restrict api 2 locate api key.webp
4. Edit the key

Click the key name to open the Edit API key page.

5. Set application restrictions

Scroll down to Application restrictions, and select: HTTP referrers (websites)

6. Add your website URLs

Under Website restrictions, click Add an item and enter your site URLs using this format: 

yourdomain.com/*
www.yourdomain.com/*

*.yourdomain.com/* (use this if you’re running websites on subdomains)

Make sure to include the asterisk (*) and both versions (with and without www) if needed.

7. Save your changes

Click Save at the bottom of the page. It may take a few minutes for the changes to take effect.

Once saved, your key should show all authorized domains listed with the restrictions properly applied.

restrict api 3 restrictions.webp

Important: Test Your Maps

After applying the restrictions, please visit your websites to confirm that the maps are still displaying and functioning properly (you can find the map at the bottom of the home page of every franchisee website). If something isn’t working, double-check the URLs you added for typos or missing entries.

Additional Resources from Google:
Download our Social Media and CRM Mobile Apps for your Iphone Download our Social Media and CRM Mobile Apps for your Android Phone Sign Up Login