The panic of the missing API key in 2018
Remember that? In 2018, I wrote a widely read article about Google Maps turning black on a massive scale. From the summer of that year, website visitors suddenly saw a dark map with a ‘for development purposes only’ watermark if the API key wasn’t implemented correctly. This caused major problems for many retailers: a malfunctioning store locator immediately led to lower conversion rates and a drop in customer trust.
Why an unsecured API key will cost you dearly today
Today, the problem is much more advanced and dangerous. It’s no longer about whether you have a working API key, but how well you have secured this Google Maps API key. For many companies, the management environment of their Google Cloud Console has been neglected over the years.
What is the risk? If your API key is not strictly protected with the right restrictions (such as HTTP referrers), a malicious party or competitor can simply copy your key from the source code. They place it on a completely different domain and generate traffic there. The result? Every time their map is loaded, you pay the bill for the API usage.
Google no longer compensates for API errors
And that API abuse can become incredibly expensive. In practice, we resolve these types of acute crisis situations for large retailers about five times a year. They are completely blindsided by unprecedented and unexpectedly high Google Maps invoices. While Google used to be lenient in waiving these costs, those days are over. Google no longer compensates for self-made configuration errors. Is your account compromised due to an exposed key? Then the bill is yours to pay.
How safe is the location data in your store locator?
Besides the financial risks of a hijacked key, there is another major danger: data theft. Today, it is alarmingly easy to scrape location data on a massive scale from unsecured store locators.
In many cases, your carefully built database of branches, dealers, and opening hours can be extracted and stored relatively easily. This means your valuable business data is essentially up for grabs for smart competitors who use it to their own advantage.
Take back control: Do the API and Data check
Don’t be caught off guard by a sky-high, irreversible invoice from Google Cloud or by competitors running off with your location data. Prevent problems and check your settings today:
- How do you check if your key is unsecured? Simply test whether you can load a map on a local or different domain using your own API key. Does it work? Then your key is wide open.
- How safe is your location data? Check if the data in your store locator is protected against unwanted scraping.
Is the check not working, or do you have doubts about the security of your Google Cloud Console and Maps integration? Contact us, we are happy to help you make everything watertight again.
