Set up the Maps Embed API

  • Google Maps Platform secures its products by requiring API keys for authentication and billing purposes.

  • API keys can be created and managed through the Google Cloud Console or the Cloud SDK.

  • Restricting API keys to specific websites and APIs enhances security by limiting unauthorized usage.

  • All Maps Embed API requests must include your API key as a parameter for authentication.

This document describes the prerequisites for using the Maps Embed API, how to enable it, and then how to make an authenticated request.

Ensure that you meet the prerequisites.

Enable the API in your Google Cloud project.

Configure an API key to make an authenticated API request.

Google Maps Platform products are secured from unauthorized use by requiring API calls to include an API key.

Get an API key for use with Maps Embed API

An API key is a unique alphanumeric string that associates your Cloud Billing account and Google Cloud project with the request your application makes to a Google Maps Platform API or SDK.

To add Maps Embed API to an API key:

Console

  1. Go to the Google Maps Platform > Keys & Credentials page.

    Go to the Keys & Credentials page

  2. If prompted, select an existing project.

  3. The list of available keys appears under API Keys.

    If you don't have an API key, or you want to create an API key for use with the Maps Embed API, create a new API key:

    1. On the Keys & Credentials page, click + Create credentials > API key.

      The API key created dialog displays your newly created API key.

  4. Click the Name of an API key to edit the key.

  5. On the edit page, under Key restrictions:

    • Under Application restrictions, if any option other than None is selected, only requests originating from those sources are permitted. For more information, see Restrict your API keys.

    • Under API restrictions:

      • If Restrict key is selected, select the drop-down box to add the Maps Embed API to the API key.
      • If Don't restrict key is selected, then you can use the API key to make requests to Maps Embed API.

      Remember to restrict the API key before using it in production.

  6. Select Save.
  7. Select Show key for the key you edited to display the key's alphanumeric string. Pass that string to the example request shown in the next section.

gcloud

  1. Get the ID of the key that you want to update.

    The ID is not the same as the display name or the key string. You can get the ID by using the following gcloud command to list the keys in your project.

    gcloud services api-keys list

    The ID is part of the name field of the response for each key:

    name: projects/PROJECT_ID/locations/global/keys/KEY_ID

  2. If you don't have an API key, or you want to create an API key for use with the Maps Embed API, create a new API key:

    gcloud services api-keys create \
    --project "PROJECT" \
    --display-name "DISPLAY_NAME"

    Read more about the Google Cloud SDK , Cloud SDK installation , and the following commands:

  3. Use the gcloud services api-keys update command to specify which services an API key can be used to authenticate to.

    Replace the following values:

    • KEY_ID: The ID of the key that you want to restrict.

    • SERVICE_1, SERVICE_2...:

      The service names of the APIs that the key can be used to access. You must provide all service names with the update command; the service names provided replace any existing services on the key.

    You can find the service name by searching for the API on the API dashboard. For the Maps Embed API, the service names maps-embed-backend.googleapis.com.

    gcloud services api-keys update KEY_ID \
--api-target=service=maps-embed-backend.googleapis.com \
--api-target=service=SERVICE_1 --api-target=service=SERVICE_2

Make an API request

Make a Maps Embed API request to display the path between Oslow and Telemark, Norway, the distance, and travel time avoiding tolls and highways. You must include your API key's alphanumeric string with every request and use HTTPS for requests that include the API key.

  1. Click API_KEY in the code below to insert the key's alphanumeric string:

    <iframe class="map-top"
    width="598"
    height="450"
    src="https://www.google.com/maps/embed/v1/directions?key=YOUR_API_KEY
    &origin=Oslo+Norway&destination=Telemark+Norway&avoid=tolls|highways" allowfullscreen></iframe>
  2. Open your default text editor.
  3. Create an HTML file and name it index.html.
  4. Add the following code with the iframe you generated above: 
    <html>
  <!-- Replace this code comment with your iframe. -->
</html>
  5. Save your index.html HTML file.
  6. Load the HTML file in a web browser by dragging it from your desktop onto your browser; alternatively, double-clicking the file works on most operating systems.

The embedded map appears as:

The embedded map showing the path between Oslo and Telemark, Norway.

Apply API key restrictions

Google strongly recommends that you restrict your API keys by limiting their usage to those only APIs needed for your application. Restricting API keys adds security to your application by protecting it from unwarranted requests. You are financially responsible for charges caused by abuse of unrestricted API keys. For more information, see Google Maps Platform security guidance.

API keys support two types of restrictions:

For more information on applying restrictions, see Restrict your API keys.

What's next

Now that you have enabled Maps Embed API and made a successful request, see Embedding a map to learn more about using the API.