#Google APIs indexing

Pretend I come across Google Maps embed on a broken website that I was asked to help fix, I look in the source and dig up the API key, I can use an API when I auth correctly to reverse lookup the Google Cloud Project ID linked to the key, and then if I could ... ? 🤷‍♂️

Is there no read access way to grant one account/service the ability to index all the project IDs of multiple accounts so we can do a nightly update of a DB of IDs and keys so we know what belongs to who?

If the client had an art team throw the map into the page it might be impossible to track down who owns the key, and far easier to generate a fresh one, but I would still love a way to backtrack the origins of things?

Hi Bogard! I'd like to help, but your question needs some clarification to get good answers:

Issues to address:

• Unclear title/content mismatch: Your title says "Google APIs indexing" but you're asking about tracking Project IDs and API keys across accounts
• Vague goal: What's your actual end goal? Are you trying to audit security? Manage keys? Discover project ownership?
• Missing specifics: What have you already tried? Are you looking for a Google Cloud API solution, or a custom tracking system?

To improve your question:

1. Rewrite the title to match your actual question (e.g., "How to track Google Cloud Project IDs from exposed API keys?")
2. Clearly state your goal upfront (not as a hypothetical)
3. Explain what you've already researched or attempted
4. Specify if you're looking for a Google Cloud feature, a third-party tool, or need to build something custom

This will help others give you precise answers!

no, you're not going to be able to programmatically pull the api keys from every account that's a security hazard

Yeah a well organized onboarding would have the clients submit their keys manually.
But who's that managed? Like nobody.
But if we could index things with an invite to our service account then we'd be adding even more value?

2. Over on https://hotxxx.man.butts/membersmap/index.html there's a map I'd like to repair without linking the website to an account that is not managed by the site owner so I am trying to help them find which account on their end needs to update the project to adjust the authorized URLs to include the new sub-domain.

3. No real research. It seems like a unique situation for agencies with clients who have rando needs and even more random management efforts.

4. I'd be running the service to work with Google Cloud API tokens/project ID indexing.

LOL

if they're not paying for it no one cares if it's insecure

0% of the client base would care if one of them could trick one of our staff into telling them the email address from a public API key.

Plus we're not running AI yet. We wouldn't casually tell one customer about a key that is linked to another customer?