Title: Exposing our API key Last modified: March 10, 2023 --- # Exposing our API key * Resolved [SRD75](https://wordpress.org/support/users/srd75/) * (@srd75) * [3 years, 3 months ago](https://wordpress.org/support/topic/exposing-our-api-key/) * Hi, * Our Google Cloud Maps API key is exposed in the source code of our website. * Is this okay, or not? * In the source code, I see it is related to wp-google-maps. Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Author [DylanAuty](https://wordpress.org/support/users/dylanauty/) * (@dylanauty) * [3 years, 3 months ago](https://wordpress.org/support/topic/exposing-our-api-key/#post-16545990) * Hi [@srd75](https://wordpress.org/support/users/srd75/), * Thank you for getting in touch, we do appreciate your time. * Yes, to confirm, the API key is localized on the website to allow us to make calls to the API for common requests, such as geocoding (converting addresses into coordinates), as an example. * With that said, as part of our setup guide, you should have been asked to restrict your key to your website as shown here: [Restricting API Access](https://docs.wpgmaps.com/r7Y5-protecting-your-google-maps-api-key-from-unauthorized-use-setting-up-website-restrictions-http-referrers) * If you have added your restrictions in the past, your key is fully protected and can only be used on your website. Alternatively, if you have not setup these restrictions, we would highly recommend doing this now, and regenerating your API key for good measure. * I hope this helps? * Thread Starter [SRD75](https://wordpress.org/support/users/srd75/) * (@srd75) * [3 years, 3 months ago](https://wordpress.org/support/topic/exposing-our-api-key/#post-16547154) * Yes, that helps, thanks. * Do other plugins do things differently, not exposing the API key in the source code? * Plugin Author [DylanAuty](https://wordpress.org/support/users/dylanauty/) * (@dylanauty) * [3 years, 3 months ago](https://wordpress.org/support/topic/exposing-our-api-key/#post-16547383) * Hi [@srd75](https://wordpress.org/support/users/srd75/), * Great to hear. Some plugins may only expose the API key as part of the API request, which must be present for the Google Maps API to be loaded. * We believe the emails which some users are receiving at the moment refer to the second localization (inclusion to source) of the key that our plugin makes, which is within the settings object loaded on the site. * We’re currently looking into whether or not that second inclusion is necessary, if not, it will be obscured/removed. This would be done in our next update, to prevent Google from mistakenly sending out the email users are getting regarding their keys. * As mentioned, as long as your key has restrictions present, everything should be fine as the key is only usable on that domain. * Thread Starter [SRD75](https://wordpress.org/support/users/srd75/) * (@srd75) * [3 years, 3 months ago](https://wordpress.org/support/topic/exposing-our-api-key/#post-16547432) * OK, thank you, Dylan. * Plugin Author [DylanAuty](https://wordpress.org/support/users/dylanauty/) * (@dylanauty) * [3 years, 3 months ago](https://wordpress.org/support/topic/exposing-our-api-key/#post-16547454) * Only a pleasure, have a great day! Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Exposing our API key’ is closed to new replies. * ![](https://ps.w.org/wp-google-maps/assets/icon-256x256.png?rev=3058363) * [WP Go Maps - Google Maps, OpenStreetMap, Leaflet Map](https://wordpress.org/plugins/wp-google-maps/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-google-maps/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-google-maps/) * [Active Topics](https://wordpress.org/support/plugin/wp-google-maps/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-google-maps/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-google-maps/reviews/) * 5 replies * 2 participants * Last reply from: [DylanAuty](https://wordpress.org/support/users/dylanauty/) * Last activity: [3 years, 3 months ago](https://wordpress.org/support/topic/exposing-our-api-key/#post-16547454) * Status: resolved