Hi, All,
I’ve managed to get my Google Maps Geolocation and GPS integration working. Very satisfying! 
Google recommends that I restrict my API, so I thought I’d “lock it down” to particle.io. I tried https://*.particle.io/*,
but it looks like the Particle webhooks are then blocked.
Any thoughts as to how I can restrict the API to webhooks that I’m sending from Particle?
Thanks!
It’s not really possible to do that because the webhook worker machines come and go with some frequency and don’t have fixed host names or IP addresses. Since the Google API key is hidden within the webhook there is much less worry about it leaking out than if it were included in the Javascript of a web page, so the need to restrict isn’t as great.
Could it be restricted down to for instance a specific AWS region? Completely understandable to bring up elastic instances (we do that too). Restricting down to a region though could at least reduce the attack surface somewhat.