4 Replies Latest reply on Jan 8, 2018 11:52 AM by ewertonm RSS
    ewertonm Creator

    Security on Google Maps extension

    Hello all,


    I modified the Google MAps extension to use the HeatMaps API's and create a heatmap based on some data input. It is working well but I have a questions regarding security: in order to make the authentication i changed the metadata.xml file from the extension to include the AppKey that is required for using these APIs.


    What happens is that when I run the Mashup, the AppKey shows up in the developer console, which is definitely not secure.As this API usage has a quota, in case the key leaks it can create unwanted billing. It is possible to define which URLs are allowed in the key configuration but I still do not feel comfortable on publishing the AppKey out there.



    Does anyone have an idea of how I could secure this information?




      • Re: Security on Google Maps extension
        fnilsen Apprentice

        Hi Everton,


        Have you checked out the latest videos on how to integrate security into the mashup using Cryptosoft?  if you make a search for 'cryptosoft', you will find 6 videos, which may answer your questions. In short, the Cryptosoft extension allows you to encrypt and decrypt any data. Let me know what you think.


        Kind regards


        • Re: Security on Google Maps extension
          saeedma Apprentice

          The Google API keys can also be secured from your Google account console so that it can only be used by certain IP addresses and referrer URLs.


          • Restrict your API keys to be used by only the IP addresses, referrer URLs, and mobile apps that need them: By restricting the IP addresses, referrer URLs, and mobile apps that can use each key, you can reduce the impact of a compromised API key. You can specify the hosts and apps that can use each key from the console by opening the Credentials page and then either creating a new API key with the settings you want, or editing the settings of an API key.