5 lines
952 B
Plaintext
5 lines
952 B
Plaintext
Google API keys are used to authenticate applications that consume Google Cloud APIs. They are especially useful for accessing public data anonymously (like Google Maps), and are used to associate API requests with your project for quota and billing.
|
|
|
|
API keys are not strictly secret as they are often embedded into client side code or mobile applications that consume Google Cloud APIs. Still, they should be secured and should never be treated as public information.
|
|
|
|
An unrestricted Google API key being disclosed in a public source code would be used by malicious actors to consume Google APIs on the behalf of your application. This will have a financial impact as your organisation will be billed for the data consumed by the malicious actor. If your account has enabled quota to cap the API consumption of your application, this quota can be exceeded, leaving your application unable to request the Google APIs it requires to function properly. |