Google Maps API Key: Complete Guide to Get Started in 2025

You want to integrate Google Maps on your website, mobile app, or access Google’s mapping data? You need an API key.

It’s simpler than it seems. This article shows you how to create it in 5 steps, secure it properly, and integrate it into your project — without any hassle.

What is a Google Maps API Key?

An API key is a unique string generated by Google. It works as an identifier: it authenticates your application and allows access to Google Maps services.

In practical terms: your app or website sends this key to Google. Google checks that you have the right to use the API, then returns the data (maps, addresses, geolocation, etc.).

Why an API Key is Necessary

Google uses API keys for three reasons:

1. Authentication — Google knows it’s you making the request, not someone else
2. Usage tracking — Google measures how many times you call the API (for billing)
3. Security — You can restrict usage to certain domains or applications

Without an API key, Google wouldn’t know who you are. With it, you can use Maps JavaScript, Directions, Geocoding, Distance Matrix, and 10+ other services.

Different Types of Google Maps API Keys

Google offers several types of keys based on your needs:

API Key for Web (JavaScript) Used to display interactive maps on a website. This is the most common. Example: you have a restaurant website, and you integrate a map to show your location.

API Key for Android Dedicated to Android apps. You configure it with the SHA-1 of your application certificate.

API Key for iOS Dedicated to iOS apps. You configure it with your app's Bundle ID.

API Key for Geolocation Access to the Geolocation API to locate a user (IP address, WiFi access points, etc.).

API Key for Street View Integration of Street View images into your app or website.

Each type has its own restrictions and configurations. You can create multiple keys for different projects.

Step 1: Create a Google Cloud Platform Account

First of all, you need a Google Cloud Platform (GCP) account. This is the central console where you manage all Google APIs.

Prerequisites

• A Gmail account (mandatory)
• A valid payment method (even for the free trial)

Create Your GCP Account

1. Go to Google Cloud
2. Click on “Free Trial” (at the top right)
3. Sign in with your Gmail account
4. Accept the terms and enter your payment information

Google gives you $300 in free credits for 90 days. You won’t be charged until you exceed this amount.

What You Get with the Free Trial

• Full access to Google Cloud Platform
• Free usage of most APIs (with limits)
• Credits for paid services
• Basic technical support

Once your account is created, you access the GCP Dashboard. This is your starting point for everything.

Step 2: Create and Configure a GCP Project

A GCP project is a container for your APIs, credentials, and configurations. Each project is isolated from others — this is useful if you manage multiple apps or websites.

Create a New Project

1. Sign in to console.cloud.google.com
2. At the top left, you see “Select a Project” (with a small dropdown menu)
3. Click on it
4. A window opens. Click on “NEW PROJECT”
5. Name your project (e.g., "My Maps Site" or "Mobile App v1")
6. Select an organization (or leave it blank)
7. Click on “Create”

Google creates the project. It takes a few seconds.

Select Your Project as Active

Once created, go back to the “Select a Project” menu and click on your new project to activate it.

You are now in your project. You will see the Dashboard with empty statistics (normal, you haven’t activated anything yet).

Why Create a Dedicated Project?

If you have multiple sites or apps, create one project per site. This allows you to: - Manage API keys separately - Track costs by project - Revoke a key without affecting other projects - Share access to a project without sharing all your projects

Step 3: Enable Google Maps APIs

Now that your project exists, you need to enable the APIs you will use.

Access the API Library

1. In the left sidebar menu, click on “APIs & Services”
2. Then click on “Library”

You will see a list of hundreds of Google APIs. You will search for the one you need.

Search and Enable an API

If you want to display an interactive map on a website: 1. Search for “Maps JavaScript API” 2. Click on the result 3. Click on “Enable”

Google enables the API for your project. It takes a few seconds.

If you want to convert an address to GPS coordinates: 1. Search for “Geocoding API” 2. Click on “Enable”

If you want to calculate routes: 1. Search for “Directions API” 2. Click on “Enable”

You can enable multiple APIs in the same project. They will share the same API key (or separate keys, it’s up to you).

Check if the API is Enabled

Go to “APIs & Services” → “Enabled APIs”. You will see the list of all the APIs you have enabled for this project.

Step 4: Create Your Google Maps API Key

Now that the API is enabled, you need to create the API key that will authenticate your application.

Generate the Key

1. Go to “APIs & Services” → “Credentials”
2. At the top, click on “+ Create Credentials”
3. Select “API Key”

Google automatically generates an API key. It looks like this:

AIzaSyDxxxxxxxxxxxxxxxxxxxxxxxxxxx

It’s a long string. Copy it and keep it somewhere (you will need it very soon).

Name Your Key

By default, Google calls it "API key 1". That’s not very useful. Rename it:

1. Click on the pencil icon next to your key
2. Give it a descriptive name (e.g., "Maps Web Site", "Mobile App Android")
3. Click on “Save”

This helps you keep track if you have multiple keys.

Step 5: Secure Your API Key

WARNING: An unsecured API key can be used by anyone. Someone could steal your key and make thousands of calls to the API — and you would be charged.

That’s why you MUST restrict the usage of your key.

Set HTTP Referrer Restrictions

This is the most common method for a website.

1. Go to “Credentials”
2. Click on your API key
3. In “Key Restrictions”, select “HTTP Referrer Restriction”
4. Click on “Add an Item”
5. Enter your domain: https://mysite.com/*
6. Click on “Save”

Now, your API key only works on mysite.com. If someone tries to use it from another domain, Google denies it.

Set Restrictions for a Mobile App

For Android or iOS, you cannot use HTTP Referrer (an app doesn’t have a "domain").

Instead, you use:

For Android: - SHA-1 Fingerprint (fingerprint of your certificate) - Package name

For iOS: - Bundle ID

Ask your developer for this information. They are specific to your app.

Restrict the APIs

You also have the option to restrict WHICH APIs your key can use.

Example: your key can only use Maps JavaScript API, not Directions API.

1. In your key settings, go to “API Restrictions”
2. Select “Restrict Key Usage”
3. Check only the APIs you are using
4. Click on “Save”

This is an extra layer of security. If someone steals your key, they can only use the authorized APIs.

Security Mistakes to Avoid

NEVER expose your API key publicly: - ❌ In a public GitHub file - ❌ In a visible URL (e.g., https://site.com?key=AIzaSy...) - ❌ In an email or Slack message - ❌ In SHA-1 or other "encoding" (it’s not really secure)

Instead: - ✅ Store it in an environment variable - ✅ Put it in a .env file (never committed to GitHub) - ✅ Use HTTP Referrer or SHA-1 restrictions - ✅ Revoke the key if it’s compromised

Integrate Your API Key into Your Code

Now that you have your key, how do you use it?

For a Website (JavaScript)

This is the simplest method. You add a <script> tag with your key:

<script src="https://maps.googleapis.com/maps/api/js?key=AIzaSyDxxxxxxxxxxxxxxxxxxxxxxxxxxx&callback=initMap" async defer></script>

Replace AIzaSyDxxxxxxxxxxxxxxxxxxxxxxxxxxx with your actual key.

Then, in your JavaScript, you define the function initMap:

function initMap() {
  const map = new google.maps.Map(document.getElementById('map'), {
    zoom: 12,
    center: { lat: 48.8566, lng: 2.3522 } // Paris
  });
}

This displays a map centered on Paris.

For an Android App

In your AndroidManifest.xml file:

<meta-data
  android:name="com.google.android.geo.API_KEY"
  android:value="AIzaSyDxxxxxxxxxxxxxxxxxxxxxxxxxxx" />

For an iOS App

In your AppDelegate.swift file:

import GoogleMaps

GMSServices.provideAPIKey("AIzaSyDxxxxxxxxxxxxxxxxxxxxxxxxxxx")

For a Direct API Request (Python, Node.js, etc.)

If you are making direct HTTP calls to the Google Maps API (e.g., Geocoding):

import requests

url = "https://maps.googleapis.com/maps/api/geocode/json"
params = {
  "address": "1600 Amphitheatre Parkway, Mountain View, CA",
  "key": "AIzaSyDxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

response = requests.get(url, params=params)
data = response.json()
print(data)

Limits and Costs of the Google Maps API

Google charges for the use of its APIs. But there are free limits.

Free Limits (per month)

API	Free Limit
Maps JavaScript API	28,000 calls/month
Geocoding API	25,000 calls/month
Directions API	25,000 calls/month
Distance Matrix API	25,000 calls/month
Places API	25,000 calls/month

Once you exceed, Google charges you based on usage.

Pricing (after exceeding free limits)

• Maps JavaScript API: $7 per 1,000 calls
• Geocoding API: $5 per 1,000 calls
• Directions API: $5 per 1,000 calls

If you have a site with 100,000 visits per month, and each visitor loads a map, you make 100,000 calls. That costs about 700€/month.

How to Reduce Costs

1. Cache results — if you are doing Geocoding (address → coordinates), store the result. No need to make the request again.
2. Limit calls — only load the map if the user requests it
3. Use free limits — for a small site, 28,000 calls/month are often sufficient

What to Do If You Need a Lot of Google Maps Data?

If you need to extract business lists (names, addresses, phones, emails) from Google Maps, the Google API is not the right solution.

Why? Because the API is designed to display maps and perform calculations (routes, distances). It is not optimized for extracting business lists at scale.

This is where a pre-indexed database like IBLead becomes useful.

IBLead vs Google Maps API

Use case: you want to find all plumbers in Paris

With the Google API: - You have to make hundreds of API calls (expensive) - You are limited to 120 results per search - You cannot filter by rating, number of reviews, or technologies - It takes hours

With IBLead: - Pre-indexed database (50M+ businesses) - CSV export in 2 clicks - Advanced filters (Google rating, number of reviews, detected technologies, SIRET in France) - Instant results - Starting from €44/month

Concrete example: an SEO agency wants to find all restaurants without Google Analytics to approach them.

With the Google API? Impossible — the API does not detect technologies.

With IBLead? You filter by "detected technologies = without Google Analytics" and export the list in 30 seconds.

IBLead is not an alternative to the Google API. It is complementary. You use the API to display a map on your site. You use IBLead to extract business lists.

FAQ — Google Maps API Key

Can I share my API key with someone else?

No. Each API key is personal. If you share it, the other person can use it to make calls to your account (and you will be charged). If you need to share access to a GCP project, use access roles in the project settings.

What do I do if my API key is compromised?

1. Go to “Credentials”
2. Click on the trash can icon next to your key
3. Confirm the deletion

Create a new key. Calls to the old key will fail immediately.

How many API keys can I create?

As many as you want. There is no limit. This is useful if you have multiple apps or sites and want to manage them separately.

Can I use the same API key for both a website AND a mobile app?

Technically yes. But it is not recommended. Create one key per platform. This allows you to revoke a key if it is compromised, without affecting others.