I had an API key with no restriction that I used for the map. Google sent me an email lately telling me that I should restrict the key. I could not find any info on how to do it in detail, so here is what I found.
When your key is created with the option selected on the image above, go to your Appsheet account to set up an integration for the map.
You’re absolutely on the right track with your setup. Here’s a step-by-step breakdown of what you’ve done and what it means — this will help you (or others) ensure your Google Maps API key is secure and functional in AppSheet:
1: Restricting Your Google Maps API Key (Good Security Practice)
In the second image (Google Cloud Console), you’ve correctly restricted your API key. Here’s a breakdown:
Application Restrictions:
Selected: Websites — this means only requests from specific websites are allowed.
Added: .appsheet.com/— this ensures only AppSheet (your app’s frontend) can use the key.
API Restrictions:
Selected: Restrict key
Allowed APIs:
Maps JavaScript API — required for rendering the map.
Geocoding API — required for address to coordinate conversion.
This setup prevents abuse and only allows access from AppSheet, improving security.
2: Connecting API Key to AppSheet (Map Integration)
From the first image (AppSheet UI):
Integration Path:
Navigate to: Login - AppSheet
Go to Integrations → App Services
Click + New App Service
Add your map service using the restricted API key.
This ensures your AppSheet apps can use Google Maps securely via your API key.
Final Checks
Before you’re done, confirm the following:
Billing is enabled in Google Cloud (Maps API requires a billing account even for free-tier usage).
The API key is active and valid.
In AppSheet, you assign the map service to the right columns/views where map rendering or geocoding is used.
