Store Locator Plus® for WordPress › Forums › Store Locator Plus › Split: API restricted and IP address
Tagged: search API
- This topic has 21 replies, 4 voices, and was last updated 5 years, 9 months ago by Cici.
-
AuthorPosts
-
January 21, 2019 at 12:56 PM #58434AdamParticipant
Hi Cici,
Thanks a lot for your quick support with this issue!
I’m on WordPress 5.0.3 locally and in production and the site is on a paid Maps API key. Interestingly enough, I’ve updated SLP locally and on production – this fixed my issues locally, but not on production. Locally the search seems to work pretty well, but every search on production is now being blocked.
At this point I’m thinking the issue must be something on Google’s end rather than the plugin. If you have any other suggestions I’d really appreciate it!
January 21, 2019 at 2:42 PM #58436AdamParticipantFixed the issue. I was restricting my key by IP address because that’s what Google says is the only restriction you can use on a Geocoder API key. I switched the restriction to the http referrers and put the site address in with a /* at the end. This combined with the plugin update has resolved my issue.
January 21, 2019 at 3:34 PM #58441CiciKeymasterYeah, Google instructions are the worse! That is why we have written and rewritten documentation and why the developer wrote more than one article. Not only that but their instructions and terms and conditions keep changing. People get angry at the plugin updates sometimes and even write horrid reviews based on the fact that they have had to update versions or because they cant figure out the Google API key
Thanks for providing this update and letting us know the patch worked and also about the API. If you found the support here useful or responsive and have a few seconds and could leave us a stellar review it would be much appreciated! If you do not believe the support was helpful or timely , please send us a note via the support form.
January 24, 2019 at 2:14 PM #58489AdamParticipantHi Cici,
The issue has actually come back… My Google Maps API key is restricted by IP address, which according to Google, is the only restriction you’re allowed to use with the Geocoding API. I have the IP set to the server IP but it doesn’t seem to allow requests unless I add in my own public IP address. So since the Geocoding API request isn’t coming from the server, is there a way I can set it up to do that? How can I get this to work with an API key restricted by IP?
Really appreciate the help you’ve provided. I will leave a great review for you right now!
January 24, 2019 at 3:04 PM #58490AdamParticipantHi Cici,
I’ve read your Google Geocoding Key documentation and it’s definitely setup according to this documentation.
To clarify my post above, if I go to this url (https://maps.googleapis.com/maps/api/geocode/json?components=postal_code:T1S%7Ccountry:CA&key=) and put my Geocoding key in the key parameter, it will block the request because the IP my computer is using is different than the server IP which isn’t allowed to use it. So assuming the server is doing something similar, the SLP should get results back, right? However, if I add my own IP to the list of restricted IPs, going to that same URL will return results correctly and the SLP works properly. This tells me that the Geocoder request is being sent from the frontend, instead of the server. Is there a configuration I could be missing somewhere? Shouldn’t the request be sent from the server?
I could unrestrict the API key but that leaves it open to be used by anyone and run up our costs.
Hopefully that makes sense, let me know if there’s anything that’s still confusing.
January 24, 2019 at 3:54 PM #58493CiciKeymasterAha, This may be very helpful to solve some of our missing locations cases. I do not know if Google has yet again changed something or what, but the developer needs as much info as possible because we cannot replicate the issue on our end. We understand people wanting to restrict the APi key, in reality the chances of everyone having the wherewithal to even be able to find your API key is very small.
Do you have a test site or a staging or dev site that you might be able to provide our developer if he needs one ? (not in the forum bu via our secure support contact us)
January 24, 2019 at 3:54 PM #58494CiciKeymasterAha, This may be very helpful to solve some of our missing locations cases. I do not know if Google has yet again changed something or what, but the developer needs as much info as possible because we cannot replicate the issue on our end. We understand people wanting to restrict the APi key, in reality the chances of everyone having the wherewithal to even be able to find your API key is very small.
Do you have a test site or a staging or dev site that you might be able to provide our developer if he needs one ? (not in the forum bu via our secure support contact us)
January 24, 2019 at 4:15 PM #58497AdamParticipantHi Cici,
Unfortunately I don’t have one setup right now, but I could set one up if you need it. I could send you the production link to our SLP form if that helps?
January 24, 2019 at 5:10 PM #58505AdamParticipantUpdate: I’ve looked through the code and it does appear that the request is being sent from the server-side. I’ve logged the response I get from Google and it says “API keys with referer restrictions cannot be used with this API.” even though the restriction I’m using is an IP address…
January 24, 2019 at 5:28 PM #58507CiciKeymasterIf you use IP Address restrictions the IP address must be the direct IP address of the server not a proxy service address. Could that be why Google is sending you the API error?
P.S. Are you on SLP version 5.03 now?
January 24, 2019 at 5:31 PM #58508AdamParticipantRight, it’s the server’s direct address. Yes I’m on version 5.03 of the plugin.
I’ve opened a support case with Google, will report back with anything useful.
January 24, 2019 at 5:50 PM #58509CiciKeymasterOk, Also the SLP Developer said if you want to send screenshots to our contact us support email. he will be able to look for you as well. Screenshots should be of
1) SLP General Settings showing both Google API Key fields.
2) Google API Key DETAILS screen for the Browser Key (showing the key ID , restriction settings, etc.)
3) Google API Key Details screen for the Geocoder key.
January 25, 2019 at 2:01 PM #58516AdamParticipantHi Cici,
I’ve actually managed to fix the issue, thanks to Google’s support team. Apparently I had the wrong IP address all along… I was using the IP my server’s cpanel gave me, which is also the same IP I get back when pinging the website – I was positive it was correct. There must be some sort of weird setup going on with this server where the website responds with one IP, but the server-side code actually runs using a different IP – not sure.
These are the instructions Google gave me to get the correct IP:
If you open the network tab of the developer console (in Chrome : right click page > select ‘inspect’ > click ‘network’ in the pane that appears on screen), then enter a zip code and press find location, then click the ‘XHR’ tab in the network tab, the most recent request should be the zip code you just entered. Click on it and then to the right click ‘response’. Here you will find the response form the server, which for me was as follows:
{“error_message”:”This IP, site or mobile application is not authorized to use this API key. Request received from IP address xx.xx.xxx.xxx, with referer: https:\/\/maps.googleapis.com\/maps\/api\/geocode\/json?language=en®ion=us&key=AIzaSyDFm……….MU9b0&address=78705″,”results”:[],”status”:”REQUEST_DENIED”}
Thanks a lot for your help and patience! Great support you provide here!
January 25, 2019 at 4:33 PM #58520CiciKeymasterThanks for letting us know. I had a 1 hour meeting this morning with the SLP developer going over various scenarios and issues others were having and yours came up as well. So i received an impromptu lesson showing me where all the restrictions went , what the difference was etc, and the fact that SLP update a few months ago works differently t no longer routes geocoding requests direct to Google. Since a few releases ago, They are now routed to your WordPress install where WordPress communicates with Google. This allows your Google API keys to be secured and not leak out via JavaScript where anyone can “borrow” your API key and install it on their site while you pay the bill. Older versions of SLP didn’t care if your WordPress REST endpoints were mis-configured because it wasn’t using them
Glad to hear that the message you were seeing was indeed because of the IP address . And no it isn’t weird about the IP address, that was going to be today’s question to you after my meeting.
, Lance was explaining to me about the cpanel and the server proxy and the different IP address…..since I am really not that technical my eyes starting glazing over.
January 28, 2019 at 5:19 PM #58541Lance ClevelandKeymasterAdam — I’ve improved the WSLP messaging when the Google API key fails to help people resolve Google key setup issues sooner. SLP 5.0.4 will be out soon with those changes and CiCi can get a copy of the SLP 5.0.4 prerelease for those that are having location lookup problems and think it may be something to do with how their Google API keys are configured.
January 28, 2019 at 10:10 PM #58543AdamParticipantThat’s great news! Glad to hear it!
I’m confused on what you mean by the requests being routed to where the WordPress install is. As far as I know, typically a WordPress site will be running on the same IP. I haven’t had a chance to look into why the site is setup the way it is, but that could have something to do with why I had the wrong IP in the first place.
February 20, 2019 at 6:06 PM #58786CiciKeymasterI think Lance meant whether it was installed in a subdirectory, the old WP codex do not refer to the REST API, and that is the methodology in use for quite a while now. Some customers had setup wordpress in a subdirectory and there were 404 errors .
As far as the IP address, if you had the request going thru a proxy server that could have something to do with your issue for sure.
Are you all set now with the latest updates ?
March 4, 2019 at 9:32 AM #58869MindyParticipantHi I am having the same issue and have been trying over the past few days to resolve. I have been in touch with Google and they are saying that the IP that is being reported is not the same as the IP that I have from my c panel (or the IP from the shared hosting server). I followed Adams instructions and receive the same information back from the XHR tab. I’m not sure I understand from this thread what solved the issue. How can I obtain the proper IP? Thanks for your help.
March 4, 2019 at 9:47 AM #58870MindyParticipantI reread the error message and this is what I receive from the XHR tab:error_message: “This IP, site or mobile application is not authorized to use this API key. Request received from IP address 2607xxxxxxxxxx, with referer: https://maps.googleapis.com/maps/api/geocode/json?language=en®ion=ca&key=AIzaSyBc3m1_H9_53zBvAHQHl0d-79cvs94u5Wk&address=N6C1x4”
results: []
status: “REQUEST_DENIED”If this provides another clue. Thanks.
March 5, 2019 at 1:34 PM #58882CiciKeymasterMindy, you have not set up your keys correctly. Also as far as the wrong IP address, if you are using a proxy server that may generate the Ip address issue.
Please refer to the developers blog about this and how to properly set up your key.
https://www.storelocatorplus.com/api-keys-with-referer-restrictions-cannot-be-used/
He explains how to finnd your IP address etc,
March 8, 2019 at 5:14 PM #58914MindyParticipantIt seemed to resolve. I had tried a couple of times and can only guess that I wasn’t waiting long enough when I had changed the IP on the google console. Thanks for your help, Cici.
March 8, 2019 at 5:38 PM #58915 -
AuthorPosts
- The topic ‘Split: API restricted and IP address’ is closed to new replies.