[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-18 UTC."],[[["\u003cp\u003eGoogle Maps Platform products require API keys for authentication and billing purposes, linking your project and Google billing account.\u003c/p\u003e\n"],["\u003cp\u003eAPI keys can be created and managed through the Google Cloud Console or the Cloud SDK.\u003c/p\u003e\n"],["\u003cp\u003eIt is highly recommended to restrict API keys by limiting their usage to specific APIs and IP addresses for enhanced security.\u003c/p\u003e\n"],["\u003cp\u003eInclude your API key in every Maps Static API request using HTTPS, ensuring proper URL encoding and character limits.\u003c/p\u003e\n"],["\u003cp\u003eFor optimal security, consider using digital signatures in addition to API keys for Maps Static API requests.\u003c/p\u003e\n"]]],[],null,["Google Maps Platform products are secured from unauthorized use by restricting API calls\nto those that provide proper authentication credentials. These credentials are in the form of\nan API key - a unique alphanumeric string that associates your Google billing account with your\nproject, and with the specific API or SDK.\n\nThis guide shows how to create, restrict, and use your API key for Google Maps Platform.\n\nBefore you begin\n\nBefore you start using the Maps Static API, you need a project with a billing account and the\nMaps Static API enabled. To learn more, see [Set up in Cloud console](/maps/documentation/maps-static/cloud-setup).\n\nCreating API keys\n\nThe API key is a unique identifier that authenticates requests associated with your project for\nusage and billing purposes. You must have at least one API key associated with your project.\n\nTo create an API key:\n\nConsole \n\n1. Go to the **Google Maps Platform \\\u003e Credentials** page.\n\n [Go to the Credentials page](https://console.cloud.google.com/project/_/google/maps-apis/credentials?utm_source=Docs_CreateAPIKey&utm_content=Docs_static-maps-backend)\n2. On the **Credentials** page, click **Create credentials \\\u003e API key** . \n The **API key created** dialog displays your newly created API key.\n3. Click **Close.** \n The new API key is listed on the **Credentials** page under **API keys** . \n (Remember to [restrict the API](/maps/api-security-best-practices#restricting-api-keys) key before using it in production.)\n\nCloud SDK \n\n```bash\ngcloud services api-keys create \\\n --project \"\u003cvar translate=\"no\"\u003ePROJECT\u003c/var\u003e\" \\\n --display-name \"\u003cvar translate=\"no\"\u003eDISPLAY_NAME\u003c/var\u003e\"\n```\n\nRead more about the\n[Google Cloud SDK](https://cloud.google.com/sdk)\n,\n[Cloud SDK installation](https://cloud.google.com/sdk/docs/install)\n, and the following commands:\n\n- [`gcloud services api-keys create`](https://cloud.google.com/sdk/gcloud/reference/services/api-keys/create)\n\nRestricting API keys\n\nGoogle strongly recommends that you restrict your API keys by limiting their usage to those only\nAPIs needed for your application. Restricting API keys adds security to your application by\nprotecting it from unwarranted requests. **You are financially responsible for charges caused by abuse of unrestricted API keys.** For more information, see\n[API security best practices](/maps/api-security-best-practices#restrict_apikey).\n\n| When restricting an API key in the Cloud console, **Application restrictions** override any APIs enabled under **API restrictions**. Follow best practices by creating a separate API key for each app, and for each platform on which that app is available.\n\nIn addition to restricting your API keys, you should sign requests for this API. For more\ninformation, see\n[API security best practices](/maps/api-security-best-practices#protect_apps_using_static_web_apis).\n\nTo restrict an API key:\n\nConsole\n\n1. Go to the **Google Maps Platform \\\u003e Credentials** page.\n\n [Go to the Credentials page](https://console.cloud.google.com/project/_/google/maps-apis/credentials?utm_source=Docs_RestrictAPIKey&utm_content=Docs_static-maps-backend)\n2. Select the API key that you want to set a restriction on. The API key property page appears.\n3. Under **Key restrictions**, set the following restrictions:\n - Application restrictions:\n 1. To accept requests from the list of web server IP addresses that you supply, select **IP addresses (web servers, cron jobs, etc.)** from the list of **Application restrictions** . Specify one or more IPv4 or IPv6 address, or subnet using CIDR notation. The IP addresses must match the source address the Google Maps Platform servers observe. If you use [network\n address translation (NAT)](https://en.wikipedia.org/wiki/Network_address_translation), this would typically correspond to your machine's *public* IP address.\n - API restrictions:\n 1. Click **Restrict key**.\n 2. Select **Maps Static API** from **Select APIs** dropdown. If the Maps Static API is not listed, you need to [enable](/maps/documentation/maps-static/cloud-setup#enabling-apis) it.\n4. To finalize your changes, click **Save** . \n\nCloud SDK\n\n\nList existing keys. \n\n```bash\ngcloud services api-keys list --project=\"\u003cvar translate=\"no\"\u003ePROJECT\u003c/var\u003e\"\n```\n\n\nClear existing restrictions on existing key. \n\n```bash\ngcloud services api-keys update \"projects/\u003cvar translate=\"no\"\u003ePROJECT\u003c/var\u003e/keys/\u003cvar translate=\"no\"\u003eKEY_ID\u003c/var\u003e\" \\\n --clear-restrictions\n```\n\n\nSet new restrictions on existing key. \n\n```bash\ngcloud services api-keys update projects/PROJECT/locations/global/keys/KEY_ID \\\n --api-target=service=static-maps-backend.googleapis.com\n --allowed-ips=\"\u003cvar translate=\"no\"\u003eIP_ADDRESS\u003c/var\u003e\"\n```\n\nRead more about the\n[Google Cloud SDK](https://cloud.google.com/sdk)\n,\n[Cloud SDK installation](https://cloud.google.com/sdk/docs/install)\n, and the following commands:\n\n- [`gcloud services api-keys update`](https://cloud.google.com/sdk/gcloud/reference/services/api-keys/update)\n- [`gcloud services api-keys lookup`](https://cloud.google.com/sdk/gcloud/reference/services/api-keys/lookup)\n- [`gcloud services api-keys list`](https://cloud.google.com/sdk/gcloud/reference/services/api-keys/list)\n\nAdding the API key to your request\n\nYou must include an API key with every Maps Static API request. In the following example,\nreplace `YOUR_API_KEY` with your API key.\n`https://maps.googleapis.com/maps/api/staticmap?center=Z%C3%BCrich&zoom=12&size=400x400&key=`YOUR_API_KEY\n\nHTTPS is required for requests that use an API key.\n| **Note:** When using Web Services, all special characters inside the parameters must be URL encoded. URLs must be properly encoded to be valid and are limited to 2048 characters for all web services. Be aware of this limit when constructing your URLs. Different browsers, proxies, and servers may have different URL character limits as well.\n\nWhat's next\n\nMaps Static API requests should also [use a digital signature](/maps/documentation/maps-static/digital-signature)."]]
