Anyone using google api with restriction? I need your help!

First of all I am sorry, this question is not related to elixir or phoenix.

I have deployed my application that is built with phoenix to Gigalixir for testing purpose(before going production)

I use google api to use Distance Matrix Api to calculate distance between addresses.
And I want to restrict api to be used only by my app. So I tried to do…
There are 2 options available for my case.
1, HTTP referer(web site)
2, IP address(for web server)

First, I tried second option using IP address, but GIgalixir(and maybe other Service ) won’t provide static ip address I guess.

Gigalixir doesn’t support static outgoing ip addresses at the moment, but some customers have had success using which is affordable and simple. Just configure your http client to make requests through the proxy. For example, with HTTPoison, something like this

Second, I tried first option like these**

But Google api denied request.

{:error, "REQUEST_DENIED", "API keys with referer restrictions cannot be used with this API."}

How do you guys use google api with restriction?
Do I have to use service like to get a static ip address for my webserver?
or I am missing something?

That VPN provider’s integrations page is the most remarkable collection of euphemisms for spamming I’ve ever seen - from “take your social media marketing to the next level” (by creating fake accounts and evading IP-based detection) to “combined with Residential proxies you’ll overcome restrictions and increase your chance of boosting your page rankings” (by posting spam everywhere and evading IP-based detection).

Assuming you’re storing the API key securely on Gigalixir, IP restriction (if it worked) wouldn’t get you much security.

1 Like

Thanks for your reply.
what is your recommendation?

  • create an API key specifically for the staging environment
  • put the API key in an environment variable (see the docs for your PaaS)

You could also consider using an IP range instead of a single fixed IP, but since Google Maps appears to only accept one CIDR-formatted value it might need to be very broad.