This is more of a heads-up than anything, but our security team has identified that your Google maps_api_key is publicly visible and that “it is best practice to treat all API keys as sensitive credentials, as public exposure can lead to unauthorized use, service abuse, or violations of the provider’s terms of service.”
Thanks Terry! Yep, in order to use the front-end “Embed” Google Maps views we must have the key be visible in the browser, so we’re aware of this limitation. That’s one reason we lock down our own API keys to only specific calendar.myschool.edu URLs. If anyone is using their own Google Maps API key, we heartily recommend that and you can also restrict by API app/service if you like.
Yeah, sorry. We figured as much, and that is what our team has been trying to communicate. This helps clarify that everything is secure on your end and that there is nothing of concern. This is simply how Google Maps works!