cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Need to share some code when posting a question or reply? Make sure to use the "Insert code sample" menu option. Learn more! X

Security on Google Maps extension

emoreira
12-Amethyst

Security on Google Maps extension

Hello all,

I modified the Google MAps extension to use the HeatMaps API's and create a heatmap based on some data input. It is working well but I have a questions regarding security: in order to make the authentication i changed the metadata.xml file from the extension to include the AppKey that is required for using these APIs.

metadata.png

What happens is that when I run the Mashup, the AppKey shows up in the developer console, which is definitely not secure.As this API usage has a quota, in case the key leaks it can create unwanted billing. It is possible to define which URLs are allowed in the key configuration but I still do not feel comfortable on publishing the AppKey out there.

indexHTML.png

Does anyone have an idea of how I could secure this information?

Cheers

Ewerton

4 REPLIES 4

Hi Everton,

Have you checked out the latest videos on how to integrate security into the mashup using Cryptosoft?  if you make a search for 'cryptosoft', you will find 6 videos, which may answer your questions. In short, the Cryptosoft extension allows you to encrypt and decrypt any data. Let me know what you think.

Kind regards

Frode

E.g.

emoreira
12-Amethyst
(To:fnilsen)

Frode, thanks for the response.

From the videos it looks like it is managing the data in/out, but I did not see anything about criptography on the client configuration. My question is not necessarily related to the data itself, but with the extension configuration.

To config it I need to put the app key, that gets exposed in the client when I access the mashup. This is a problem in the extension setup not in the data itself.

Would it apply too?

Thanks

Ewerton

smanley
13-Aquamarine
(To:emoreira)

The Google API keys can also be secured from your Google account console so that it can only be used by certain IP addresses and referrer URLs.

  • Restrict your API keys to be used by only the IP addresses, referrer URLs, and mobile apps that need them: By restricting the IP addresses, referrer URLs, and mobile apps that can use each key, you can reduce the impact of a compromised API key. You can specify the hosts and apps that can use each key from the console by opening the Credentials page and then either creating a new API key with the settings you want, or editing the settings of an API key.
Top Tags