All Collections
Fixing issues
Unsafe Google Maps API Token Issue
Unsafe Google Maps API Token Issue

What does this issue means and how to fix it?

Updated over a week ago

First of all, you have to know that your Google Maps API Key is public. This means that everyone can have access to it.

This issue is fired when those 2 conditions are met:

  • We found a Google Maps API Key in your app

  • We are allowed to send requests from our server

If these 2 conditions are met, it means that you did not restrict your Google Maps API Key to being triggered only from your app URL.

In other words, this means everyone could grab your API Key and use it normally when it will be you who will be billed.


In order to fix this issue, you have to restrict access to the Google Maps API using your API Key only from your app domain.

In order to do this, here are the steps you have to follow:

  1. Log in to your Google Cloud Console and navigate to "APIs and Services", and then to "Credentials". Here is a direct link.

  2. Click on the API Key you want to restrict (in my case, "Clé API 1").

  3. Under "Set an application restriction", choose "Websites"

  4. Then, enter these 4 values considering "myapp" as your App ID (See here how to find your App ID) and "mydomain" as your application domain.
    Please mind I add 2 times each URL: 1 normal, and 1 with 'version-test' to also allow requests from your test version.

  5. Once this is done, click the "Save" button.

Did this answer your question?