Google API keys - What is server key and browser key

Question

I ma using google maps in my app, and use the URL as following format without the API key- values,

<script type="text/javascript"
      src="https://maps.googleapis.com/maps/api/js?sensor=SET_TO_TRUE_OR_FALSE">
    </script>

Now I need to use the API key to track the requests, according to the examples it needs to add another API key query string parameter,

<script type="text/javascript"
      src="https://maps.googleapis.com/maps/api/js?key=API_KEY&sensor=SET_TO_TRUE_OR_FALSE">
</script>

But, I received 2 keys, One for servers (IP address restrictions) and one for browser apps (domain level restrictions) are as follows:

Server Key: XXXX Browser Key: YYYYY

Which key should I use in my app, should I use both of them? Could not find a good article on this.

Answer 1

Try the browser key, found this post, but it's written on 2012,

https://groups.google.com/forum/#!topic/android-gcm/Ir-dNtPRKcU

Found this on web: "2.Click Create new Server key. Either a server key or a browser key should work. The advantage to using a server key is that it allows you to whitelist IP addresses. The following screen appears:"

http://developer.android.com/google/gcm/gs.html

Hope this will help you!

Answer 2

This is relevant again now that Google just recently deprecated Browser Keys for its Web Services APIs.

Here are the current definitions:

Server keys

Create and use a server key if your application runs on a server. Do not use this key outside of your server code. For example, do not embed it in a web page. To prevent quota theft, restrict your key so that requests are only allowed from your servers' source IP addresses.

Browser keys

Create and use a browser key if your application runs on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains you administer.

(from https://developers.google.com/console/help/new/)

Answer 3

As of now (early 2018), I suspect the difference between server key and browser key is insignificant and only conceptual. Because the web console allows you to apply IP restriction or referrer restriction to any of your key. So, for the same key, you can apply a referrer restriction and then it works as a browser key, and you apply an IP restriction and then it works as a server key. Besides, I don't find specific documentation on server key vs browser key from this official help page.