The Google Maps API Premier team looks to customer input as we build tools that enrich websites, applications, and devices with location information. Customers frequently tell us that the higher than standard limits on web services such as geocoding and static maps are among the most valuable aspects of Maps API Premier.
However, any web service can be vulnerable to anonymous automated access. To further protect our Premier customers from unauthorized use of their client IDs, we’re adding an additional layer of security to Google Maps API Premier.
Starting today, we will be issuing a private cryptographic key, unique to each account, to all Maps API Premier customers. From now on, requests made to certain web services from Maps API Premier accounts will need to be “signed” with this key. This security enhancement will ensure that requests are authorized by the owner of the Maps API Premier client ID specified in the request.
Existing Maps API Premier customers should expect to receive an email from Google within the next 10 days containing their private cryptographic key. For documentation explaining how to use this cryptographic key to sign requests, please refer to the Maps API Premier Developer Guide. The Static Maps V2 API is the first API to support URL signing.
As of March 2, 2010, requests made to the Static Maps V2 API will need to be signed to be accepted. However, for added security, we encourage you to begin signing requests you make to this service now.
By enhancing the security of our services we better protect the interests of our customers and of our data content partners. I’m excited to continue to develop the secure infrastructure that support ongoing innovation from Google – and for our customers.
Posted by Daniel Chu, Product Manager, Google Enterprise Maps & Earth team
No comments:
Post a Comment