Configuring restrictions for API keys
An API key can be linked to domains or IP addresses to restrict requests from other sources. This setting prevents your key from being used in third-party services.
Note
The restriction only applies to billable requests. The map will appear on another website, but billable operations won't work.
What restrictions can apply
IP address — Address of the device the request was sent from. For requests sent from websites, this is the address of the user's device (not the address of the website hosting server). For requests sent from a server or local device, the IP matches the external address of the server or device.
Domain — Domain passed in the Referer header of a request. For requests sent from websites, the header is usually specified automatically and matches the page address. Some websites use containers or may not send the Referer. If a request is sent from a server or local device (for example, using curl), you should specify the header yourself.
How to add settings for API keys
Send us a list of allowed domains and IP addresses for your API key, and we'll add them to the settings.
How API key restrictions are checked
Key checks are performed as follows:
- If both the IP address and domain are specified, only one value has to match. For example, a user from an unknown IP can use the map on the specified website.
- If only the domain is specified, it must match the Referer header.
- If only the IP address is specified, it must match the IP of the request source.
- If the fields are empty, the map can be used on any domain and from any IP.
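The four rules above written out as a function and run over a few constructed requests, as an added example that is not the service's own code. The function names, the exact-host comparison and the sample IP addresses are assumptions; the page does not say how subdomains or ports in the Referer are treated.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit


def referer_host(referer):
    """Host part of a Referer value, lower-cased; None if missing or unparseable."""
    if not referer:
        return None
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def is_allowed(allowed_domains, allowed_ips, referer, source_ip):
    """Decide one billable request against a key's domain/IP restrictions."""
    domains = {d.lower() for d in allowed_domains}
    ips = {ip_address(i) for i in allowed_ips}
    # Rule 4: both fields empty, so the key works from any domain and any IP.
    if not domains and not ips:
        return True
    # Assumption: exact host comparison; the page does not describe subdomain handling.
    domain_ok = bool(domains) and referer_host(referer) in domains
    ip_ok = bool(ips) and ip_address(source_ip) in ips
    # Rule 1: with both fields set, one match is enough.
    # Rules 2 and 3: with one field set, the other term is always False.
    return domain_ok or ip_ok


# Constructed sample requests: (description, Referer, source IP).
SAMPLES = [
    ("browser on the allowed site, unknown IP", "http://www.mymap.com/map.html", "198.51.100.7"),
    ("server call from the allowed IP, no Referer", None, "203.0.113.10"),
    ("container that sends no Referer, unknown IP", None, "198.51.100.7"),
    ("page on another site, unknown IP", "http://www.myserver.com/", "198.51.100.7"),
]


def evaluate(allowed_domains, allowed_ips):
    """Return {description: allowed?} for every constructed sample."""
    return {d: is_allowed(allowed_domains, allowed_ips, r, ip) for d, r, ip in SAMPLES}


if __name__ == "__main__":
    for desc, ok in evaluate(["www.mymap.com"], ["203.0.113.10"]).items():
        print(f"{'allow' if ok else 'deny ':5}  {desc}")
```

With a domain-only restriction, the request that carries no Referer is denied, which is the container case covered in the next section. The Referer is a value the client sends, so the domain rule depends on what each client puts in that header.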
How to display a map in a container
When displaying the map in containers, such as WebView or iframe, the user's device may pass an invalid HTTP referer. Below are recommendations for working with popular containers.
Modern web browsers pass the address of a loaded page in the iframe element.
When using WebView on Android devices, specify the Referer header via the advanced loadUrl function:
// Website to be loaded to webView.
String url = "http://www.myserver.com/";
// Map indicating the Referer header.
Map<String, String> headers = new HashMap<String, String>();
headers.put("Referer", "http://www.mymap.com/map.html");
// Loading webView with required parameters.
WebView wv;
wv = (WebView) findViewById(R.id.webview);
wv.loadUrl(url, headers);
When using UIWebView on iOS devices, specify the Referer header in a request sent to UIWebView. Do this using the - setValue:forHTTPHeaderField: method. For example, you can specify it as follows:
NSMutableURLRequest* request = ...;
[request setValue:@"http://www.mymap.com" forHTTPHeaderField: @"Referer"];