Store Locator Plus® for WordPress Forums Store Locator Plus Split: API restricted and IP address

Tagged: 

Viewing 22 posts - 1 through 22 (of 22 total)
  • Author
    Posts
  • #58434
    Adam
    Participant

    Hi Cici,

     

    Thanks a lot for your quick support with this issue!

     

    I’m on WordPress 5.0.3 locally and in production and the site is on a paid Maps API key. Interestingly enough, I’ve updated SLP locally and on production – this fixed my issues locally, but not on production. Locally the search seems to work pretty well, but every search on production is now being blocked.

     

    At this point I’m thinking the issue must be something on Google’s end rather than the plugin. If you have any other suggestions I’d really appreciate it!

    #58436
    Adam
    Participant

    Fixed the issue. I was restricting my key by IP address because that’s what Google says is the only restriction you can use on a Geocoder API key. I switched the restriction to the http referrers and put the site address in with a /* at the end. This combined with the plugin update has resolved my issue.

    #58441
    Cici
    Keymaster

    Yeah, Google instructions are the worse!  That is why we have written and rewritten documentation and why the developer wrote more than one article. Not only that but their instructions and terms and conditions keep changing. People get angry at the plugin updates sometimes and even write horrid reviews based on the fact that they  have had to update versions or because they cant figure out the Google API key

    Thanks for providing this update and letting us know the patch worked and also about the API.  If you found the support here useful or responsive and have a few seconds and could leave us a stellar review it would be much appreciated!  If you do not believe the support was helpful or  timely , please send us a note via the  support form.

     

    #58489
    Adam
    Participant

    Hi Cici,

    The issue has actually come back… My Google Maps API key is restricted by IP address, which according to Google, is the only restriction you’re allowed to use with the Geocoding API. I have the IP set to the server IP but it doesn’t seem to allow requests unless I add in my own public IP address. So since the Geocoding API request isn’t coming from the server, is there a way I can set it up to do that? How can I get this to work with an API key restricted by IP?

     

    Really appreciate the help you’ve provided. I will leave a great review for you right now!

    #58490
    Adam
    Participant

    Hi Cici,

    I’ve read your Google Geocoding Key documentation and it’s definitely setup according to this documentation.

    To clarify my post above, if I go to this url (https://maps.googleapis.com/maps/api/geocode/json?components=postal_code:T1S%7Ccountry:CA&key=) and put my Geocoding key in the key parameter, it will block the request because the IP my computer is using is different than the server IP which isn’t allowed to use it. So assuming the server is doing something similar, the SLP should get results back, right? However, if I add my own IP to the list of restricted IPs, going to that same URL will return results correctly and the SLP works properly. This tells me that the Geocoder request is being sent from the frontend, instead of the server. Is there a configuration I could be missing somewhere? Shouldn’t the request be sent from the server?

    I could unrestrict the API key but that leaves it open to be used by anyone and run up our costs.

     

    Hopefully that makes sense, let me know if there’s anything that’s still confusing.

    • This reply was modified 5 years, 9 months ago by Adam.
    • This reply was modified 5 years, 8 months ago by Cici.
    #58493
    Cici
    Keymaster

    Aha, This may be very helpful to solve some of our missing locations cases. I do not know if Google has yet again changed something or what, but the developer needs as much info as possible because we cannot replicate the  issue on our end.   We understand people wanting to restrict the APi key, in reality the chances of everyone having the wherewithal to even be able to find your API key is very small.

    Do you have a test site or a staging or dev site that you might be able to provide our developer  if he needs one ? (not in the forum  bu  via our secure support contact us)

     

    #58494
    Cici
    Keymaster

    Aha, This may be very helpful to solve some of our missing locations cases. I do not know if Google has yet again changed something or what, but the developer needs as much info as possible because we cannot replicate the  issue on our end.   We understand people wanting to restrict the APi key, in reality the chances of everyone having the wherewithal to even be able to find your API key is very small.

    Do you have a test site or a staging or dev site that you might be able to provide our developer  if he needs one ? (not in the forum  bu  via our secure support contact us)

     

    #58497
    Adam
    Participant

    Hi Cici,

    Unfortunately I don’t have one setup right now, but I could set one up if you need it. I could send you the production link to our SLP form if that helps?

    #58505
    Adam
    Participant

    Update: I’ve looked through the code and it does appear that the request is being sent from the server-side. I’ve logged the response I get from Google and it says “API keys with referer restrictions cannot be used with this API.” even though the restriction I’m using is an IP address…

    #58507
    Cici
    Keymaster

    If you use IP Address restrictions the IP address must be the direct IP address of the server not a proxy service address. Could that be why Google is sending you the API error?

    P.S. Are  you on SLP version 5.03 now?

    #58508
    Adam
    Participant

    Right, it’s the server’s direct address. Yes I’m on version 5.03 of the plugin.

     

    I’ve opened a support case with Google, will report back with anything useful.

    #58509
    Cici
    Keymaster

    Ok, Also the  SLP Developer said if you want to send screenshots  to our contact us support email. he will be able to look for you as well. Screenshots should be of

    1) SLP General Settings showing both Google API Key fields.

    2) Google API Key DETAILS screen for the Browser Key (showing the key ID , restriction settings, etc.)

    3)  Google API Key Details screen for the Geocoder key.

    #58516
    Adam
    Participant

    Hi Cici,

    I’ve actually managed to fix the issue, thanks to Google’s support team. Apparently I had the wrong IP address all along… I was using the IP my server’s cpanel gave me, which is also the same IP I get back when pinging the website – I was positive it was correct. There must be some sort of weird setup going on with this server where the website responds with one IP, but the server-side code actually runs using a different IP – not sure.

    These are the instructions Google gave me to get the correct IP:

    If you open the network tab of the developer console (in Chrome : right click page > select ‘inspect’ > click ‘network’ in the pane that appears on screen), then enter a zip code and press find location, then click the ‘XHR’ tab in the network tab, the most recent request should be the zip code you just entered. Click on it and then to the right click ‘response’. Here you will find the response form the server, which for me was as follows:

     

    {“error_message”:”This IP, site or mobile application is not authorized to use this API key. Request received from IP address xx.xx.xxx.xxx, with referer: https:\/\/maps.googleapis.com\/maps\/api\/geocode\/json?language=en&region=us&key=AIzaSyDFm……….MU9b0&address=78705″,”results”:[],”status”:”REQUEST_DENIED”}

     

    Thanks a lot for your help and patience! Great support you provide here!

    #58520
    Cici
    Keymaster

    Thanks for letting us  know. I had a 1 hour meeting this morning with the SLP  developer going over various scenarios  and issues others were having and yours came up as well. So i received an impromptu lesson showing me where all the restrictions went , what the difference was   etc, and the fact that SLP update a few months ago works differently t no longer routes geocoding requests direct to Google.  Since a few releases ago,  They are now routed to your WordPress install where WordPress communicates with Google. This allows your Google API keys to be secured and not leak out via JavaScript where anyone can “borrow” your API key and install it on their site while you pay the bill. Older versions of SLP didn’t care if your WordPress REST endpoints were mis-configured because it wasn’t using them

    Glad to hear that the message you were seeing was indeed because of the  IP address .  And no it isn’t weird about the IP address, that was going to be today’s question to you after my meeting.

    , Lance was explaining to me about the cpanel and the server proxy  and the different IP address…..since I am really not that technical my eyes starting glazing over.

    #58541
    Lance Cleveland
    Keymaster

    Adam — I’ve improved the WSLP messaging when the Google API key fails to help people resolve Google key setup issues sooner.     SLP 5.0.4 will be out soon with those changes and CiCi can get a copy of the SLP 5.0.4 prerelease for those that are having location lookup problems and think it may be something to do with how their Google API keys are configured.

    #58543
    Adam
    Participant

    That’s great news! Glad to hear it!

    I’m confused on what you mean by the requests being routed to where the WordPress install is. As far as I know, typically a WordPress site will be running on the same IP. I haven’t had a chance to look into why the site is setup the way it is, but that could have something to do with why I had the wrong IP in the first place.

    #58786
    Cici
    Keymaster

    I think Lance meant whether it was installed in a subdirectory, the old WP codex do not refer to the REST API, and that is the methodology in use for quite a while now. Some customers had setup wordpress in a subdirectory and there were 404 errors .

    As far as the IP address, if you had the request going thru a proxy server that could have something to do with your issue for sure.

    Are you all set now with the latest updates ?

    #58869
    Mindy
    Participant

    Hi I am having the same issue and have been trying over the past few days to resolve. I have been in touch with Google and they are saying that the IP that is being reported is not the same as the IP that I have from my c panel (or the IP from the shared hosting server). I followed Adams instructions and receive the same information back from the XHR tab. I’m not sure I understand from this thread what solved the issue. How can I obtain the proper IP? Thanks for your help.

    #58870
    Mindy
    Participant

    I reread the error message and this is what I receive from the XHR tab:error_message: “This IP, site or mobile application is not authorized to use this API key. Request received from IP address 2607xxxxxxxxxx, with referer: https://maps.googleapis.com/maps/api/geocode/json?language=en&region=ca&key=AIzaSyBc3m1_H9_53zBvAHQHl0d-79cvs94u5Wk&address=N6C1x4”
    results: []
    status: “REQUEST_DENIED”

    If this provides another clue. Thanks.

    #58882
    Cici
    Keymaster

    Mindy, you have not set up your keys correctly. Also as far as the wrong IP address, if you are using a proxy server that may generate the Ip address issue.

     

    Please refer to the developers blog about this and how to properly set up your key.

    https://www.storelocatorplus.com/api-keys-with-referer-restrictions-cannot-be-used/

    He explains how to finnd your IP address etc,

     

    #58914
    Mindy
    Participant

    It seemed to resolve. I had tried a couple of times and can only guess that I wasn’t waiting long enough when I had changed the IP on the google console. Thanks for your help, Cici.

    #58915
    Cici
    Keymaster

    @Mindy Good to hear that.  If you have any other questions please start a new post. I am planning on closing this one as resolved since the initial tag, header  for the post was Canadian postal codes and we now have  wandered off subject

    Have a good week

    🙂

     

Viewing 22 posts - 1 through 22 (of 22 total)
  • The topic ‘Split: API restricted and IP address’ is closed to new replies.