I've recently migrated my existing appengine application to use a API Key when using Google geocode and Timezone API calls as per the new pay per use API requests.
My problem is that when reading the best practices in regards to API keys, they talk about securing you API keys with various Restrictions. Since I'm using appengine to request the Google apis via a URLFetch call I've opted to use the HTTP Referrers method of securing my key. After doing some research I realize this can be spoofed, but some restrictions is better than none. The problem is, I cannot seem to figure out what URL to put in the "Accept requests from these HTTP referrers (websites) (Optional)" box. My requests to the Google API's are only ever coming from my backend so I'd like to restrict my key usage to the Google appengine URL of my project. However I've tried various combinations of *[APPID].appspot.com * but I always get an INVALID REQUEST upon requesting the API with restriction enabled. I cannot seem to find any documentation on how to restrict these API calls to the appengine server. Since the IP of appengine server is constantly changing (I'm assuming) I can't use that. [image: Capture.PNG] Any help is greatly appreciated. Thanks, Matt -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/78d4be79-dc21-48a2-b280-9c389cc1e1d4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
