Stay organized with collections
Save and categorize content based on your preferences.
An API key is a simple encrypted string that you can use when calling
Google Cloud APIs. A typical use of an API key is to pass the key into a REST
API call as a query parameter with the following format:
API keys are useful for accessing public data anonymously, and are used to
associate API requests with the consumer Google Cloud project for
quotas and billing.
API Keys provides you a programmatic interface to create and manage API
keys for your project. It provides you more control over API keys
than the API key-related tasks that you can do
in the Google Cloud console.
To learn more about authenticating to Google Cloud APIs and to determine
the best authentication strategy for common scenarios, see
Authentication overview. To learn more about using
API keys for Google Maps Platform APIs and SDKs, see the Google Maps Platform
documentation.
Securing an API key
When you use API keys in your applications, ensure that they are kept secure
during both storage and transmission. Publicly exposing your credentials can
result in your account being compromised, which could lead to unexpected charges
on your account. To help keep your API keys secure, follow these best practices:
Do not embed API keys directly in code. API keys that are embedded in code
can be accidentally exposed to the public. For example, you may forget to
remove the keys from code that you share. Instead of embedding your API keys
in your applications, store them in environment variables or in files outside
of your application's source tree.
Delete unneeded API keys to minimize exposure to attacks.
Rotate your API keys periodically. To rotate your API keys, call
the CreateKey method. After
the replacement keys are created, update your applications to use the
newly-generated keys and delete the old keys.
Review your code before publicly releasing it. Ensure that your code does not
contain API keys or any other private information before you make your code
publicly available.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eAPI keys are encrypted strings used to access Google Cloud APIs, typically passed as a query parameter in REST API calls.\u003c/p\u003e\n"],["\u003cp\u003eAPI keys associate API requests with a specific Google Cloud project for quota and billing purposes, while also providing anonymous access to public data.\u003c/p\u003e\n"],["\u003cp\u003eBest practices for securing API keys include avoiding embedding them in code, restricting their usage, deleting unneeded keys, and periodically rotating keys.\u003c/p\u003e\n"],["\u003cp\u003eThe API Keys interface allows for programmatic creation and management of keys, offering more control than the Google Cloud console alone.\u003c/p\u003e\n"],["\u003cp\u003eProper security, like regularly reviewing code before releasing it, is paramount in handling API keys, as exposure can lead to account compromise and unexpected charges.\u003c/p\u003e\n"]]],[],null,["# API Keys Overview\n\nAn API key is a simple encrypted string that you can use when calling\nGoogle Cloud APIs. A typical use of an API key is to pass the key into a REST\nAPI call as a query parameter with the following format: \n\n```\nhttp://example-library.googleapis.com/v1/publishers/mypublisher/books?key=API_KEY\n```\n\nAPI keys are useful for accessing public data anonymously, and are used to\nassociate API requests with the consumer Google Cloud project for\n[quotas](/docs/quotas/overview) and [billing](/billing/docs).\n\nAPI Keys provides you a programmatic interface to create and manage API\nkeys for your project. It provides you more control over API keys\nthan the API key-related tasks that you can do\n[in the Google Cloud console](/docs/authentication/api-keys).\n\nTo learn more about authenticating to Google Cloud APIs and to determine\nthe best authentication strategy for common scenarios, see\n[Authentication overview](/docs/authentication). To learn more about using\nAPI keys for Google Maps Platform APIs and SDKs, see the [Google Maps Platform\ndocumentation](https://developers.google.com/maps/api-key-best-practices).\n\nSecuring an API key\n-------------------\n\nWhen you use API keys in your applications, ensure that they are kept secure\nduring both storage and transmission. Publicly exposing your credentials can\nresult in your account being compromised, which could lead to unexpected charges\non your account. To help keep your API keys secure, follow these best practices:\n\n- Do not embed API keys directly in code. API keys that are embedded in code\n can be accidentally exposed to the public. For example, you may forget to\n remove the keys from code that you share. Instead of embedding your API keys\n in your applications, store them in environment variables or in files outside\n of your application's source tree.\n\n- [Add restrictions on the API key](/api-keys/docs/add-restrictions-api-keys).\n By adding restrictions, you can reduce the impact of a compromised API key.\n\n- Delete unneeded API keys to minimize exposure to attacks.\n\n- Rotate your API keys periodically. To rotate your API keys, [call\n the `CreateKey` method](/api-keys/docs/create-manage-api-keys#create). After\n the replacement keys are created, update your applications to use the\n newly-generated keys and delete the old keys.\n\n- Review your code before publicly releasing it. Ensure that your code does not\n contain API keys or any other private information before you make your code\n publicly available.\n\nWhat's next\n-----------\n\n- [Get started using the API Keys](/api-keys/docs/get-started-api-keys)\n- [Why and when to use API keys](/endpoints/docs/openapi/when-why-api-key)"]]
