Private tables with Google Maps API for Business

  1. Overview
  2. Authorizing Private Tables
  3. Using Private Tables in the API
  4. Security Implications

Overview

Google Fusion Tables lets you store, visualize and share your data online. Your geographical data, such as a set of businesses for a store locator application, is hosted by Google, and can be accessed by your Maps API for Business application using either the Google Fusion Tables API or a FusionTablesLayer.

Your Google Maps API for Business features are associated with the Google Account that was specified during purchase. You must use this account when authenticating to the Fusion Tables API. If you have questions about your account, contact the Google Enterprise Support portal.

Fusion Tables supports three levels of access control to the data table: private, unlisted and public. The standard Maps API only allows you to embed tables that have public or unlisted visibility.

Google Maps API for Business (previously called "Google Maps API Premier") allows you to go beyond this restriction, by allowing you to render data contained in private Google Fusion Tables as well. 

Authorizing Private Tables

To authorize a private Fusion Table to be rendered on a website, you need to provide your Maps API for Business client ID by following these steps:

  1. Open the table you would like to authorize.
  2. From the menu toolbar, select File > About to open the following dialog:

    Fusion Tables About Table dialog

  3. Click the set up now link to open the Protected Map Layer dialog:

    Fusion Tables Protected Map Layer dialog

  4. Enter your Maps API Client ID and click Activate to enable the feature.

Using Private Tables in the API

No specific JavaScript code changes are necessary to take advantage of this private Fusion Tables capability. Both public and private Fusion Tables are rendered using the FusionTablesLayer object as described in the layers documentation.

The only difference between public and private Fusion Tables in the API is in the FusionTablesMouseEvent object returned during click events. When the Fusion Table is private, the row property will be empty (the other properties, like infoWindowHtml, are still populated). This helps prevent accidentally exposing columns you did not want to be visible to end users.

Security Implications

The Google Maps API will protect your data by only displaying your private Fusion Tables on the URLs you specify. Thus, if you have enabled mywebsite.com on your Maps API for Business client ID, only mywebsite.com would be able to display this private table. There are access restrictions designed to prevent unauthorized use of the map tiles and data resources required to render table layers. These measures prevent other websites from embedding private tables on their pages, and disallow table contents from being downloaded directly.

However, if you embed a private table on a public website, you are allowing all users to access the data underlying the table through the FusionTablesLayer. It is possible for a user to manually click on each entity and record its details, just as they could 'screen scrape' any private database exposed by a public website. You should not associate your client ID with any table containing data you do not want to be visible to end users.