cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Security on Google Maps extension

Highlighted
Amethyst

Security on Google Maps extension

Hello all,

I modified the Google MAps extension to use the HeatMaps API's and create a heatmap based on some data input. It is working well but I have a questions regarding security: in order to make the authentication i changed the metadata.xml file from the extension to include the AppKey that is required for using these APIs.

metadata.png

What happens is that when I run the Mashup, the AppKey shows up in the developer console, which is definitely not secure.As this API usage has a quota, in case the key leaks it can create unwanted billing. It is possible to define which URLs are allowed in the key configuration but I still do not feel comfortable on publishing the AppKey out there.

indexHTML.png

Does anyone have an idea of how I could secure this information?

Cheers

Ewerton

Tags (1)
4 REPLIES 4
Highlighted

Re: Security on Google Maps extension

Hi Everton,

Have you checked out the latest videos on how to integrate security into the mashup using Cryptosoft?  if you make a search for 'cryptosoft', you will find 6 videos, which may answer your questions. In short, the Cryptosoft extension allows you to encrypt and decrypt any data. Let me know what you think.

Kind regards

Frode

Highlighted

Re: Security on Google Maps extension

E.g.

Highlighted

Re: Security on Google Maps extension

Frode, thanks for the response.

From the videos it looks like it is managing the data in/out, but I did not see anything about criptography on the client configuration. My question is not necessarily related to the data itself, but with the extension configuration.

To config it I need to put the app key, that gets exposed in the client when I access the mashup. This is a problem in the extension setup not in the data itself.

Would it apply too?

Thanks

Ewerton

Highlighted

Re: Security on Google Maps extension

The Google API keys can also be secured from your Google account console so that it can only be used by certain IP addresses and referrer URLs.

  • Restrict your API keys to be used by only the IP addresses, referrer URLs, and mobile apps that need them: By restricting the IP addresses, referrer URLs, and mobile apps that can use each key, you can reduce the impact of a compromised API key. You can specify the hosts and apps that can use each key from the console by opening the Credentials page and then either creating a new API key with the settings you want, or editing the settings of an API key.
Announcements

Thingworx Navigate content has a new home! Click here to access the new Thingworx Navigate forum!