Restrict Google APIs by Server IP working behind Cloudflare

In order to prevent unwanted use of my Google API Keys (Geocoding API, Geolocation API, Maps Embed API, Maps JavaScript API, Places API), I want to restrict them to my server IP address (https://cloud.google.com/docs/authentication/api-keys?hl=en&visit_id=637051920208265070-800793200&rd=1). Problem with that, I’m using Cloudflare and my server IP is hidden behind the shared Cloudflare IPs. How can I do this? Did I miss something? I can’t specify the Cloudflare IP, because it is shared with others, I think. Thanks in advance for any help!

I presume this refers to requests coming from your server, right?

In this case, Cloudflare wont be involved at all and requests will still originate from your actual IP address. Hence you can filter on Google’s side just for your IP address.

1 Like

Hi @sandro, yes, I want to tell Google that the request is coming from our server. Unfortunately, as soon as I restrict the keys to our server IP address, I get an error. E.g. for map javascript api:
Google Maps JavaScript API error: RefererNotAllowedMapError
https://developers.google.com/maps/documentation/javascript/error-messages#referer-not-allowed-map-error. For me it seems that Google is not aware that the request is originating to our actual IP address.

That wouldnt be IP address related however and would not be about requests from your server. That seems to be client-side only and is a referrer issue.

You need to set the configuration so that Google accepts requests with your address as referrer. Thats not related to any IP addresses or server-side configuration but a regular service configuration. I am afraid that wouldnt really be Cloudflare related in that case.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.