Hello Google AI Team and Community,
I am writing to request urgent assistance in restoring my Gemini API free tier quota that has been blocked after I accidentally exposed my API key on a public GitHub repository.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
PROJECT INFORMATION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Gmail Account: haiquanckgadsqtlc@gmail.com
Google Cloud Project: hqckgadsqt-official154
Application: Customs Chatbot for
Lao Cai International Railway Border
Gate Customs Authority - Vietnam
Website: hqckgadsqtlc-chatbot-official.vercel.app
Purpose: Non-commercial government public service helping citizens with customs
procedures
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
WHAT HAPPENED
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
On approximately April 10-14, 2026, I was developing a chatbot application and
accidentally committed my Gemini API key inside a JavaScript configuration file
(config.js) to a PUBLIC GitHub repository.
The key was exposed publicly for approximately 4-5 days before I realized the security issue.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ACTIONS I HAVE TAKEN
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
After discovering the issue, I immediately:
✅ Step 1: Removed the API key from the config.js file in GitHub
✅ Step 2: Changed the GitHub repository from PUBLIC to PRIVATE so no one can
access the code anymore
✅ Step 3: Revoked ALL old compromised API keys from Google AI Studio
✅ Step 4: Created multiple NEW API keys from the same account in different
new Google Cloud projects
✅ Step 5: Tested all new API keys immediately after creation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CURRENT PROBLEM
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
All newly created API keys are showing quota limit = 0, causing immediate
429 errors even on first request.
Error Response I Receive:
{
"error": {
"code": 429,
"message": "You exceeded your current
quota, please check your plan and
billing details.",
"status": "RESOURCE_EXHAUSTED",
"details": [
{
"quotaMetric":
"generativelanguage.googleapis.com/
generate_content_free_tier_requests",
"quotaId":
"GenerateRequestsPerDayPerProject
PerModel-FreeTier",
"model": "gemini-2.0-flash",
"limit": 0 ← THIS IS THE PROBLEM
}
]
}
}
Models Tested (All show limit: 0):
❌ gemini-2.0-flash
❌ gemini-1.5-flash
❌ gemini-1.5-flash-8b
❌ gemini-2.0-flash-lite
❌ gemini-1.5-flash-latest
Test Method Used:
POST https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent?key=NEW_API_KEY
With simple test body:
{
"contents": [{
"parts": [{"text": "Hello"}]
}]
}
Result: 429 immediately on first request Expected: 200 OK with response
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
MY UNDERSTANDING OF THE ISSUE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
I believe Google's automated security system has:
1. Detected the exposed API key on public GitHub
2. Flagged my entire Google account/billing account
3. Set free tier quota to 0 for ALL new keys from this account
4. This restriction persists even after creating fresh API keys in new projects
This makes sense as a security measure, but I have now fully remediated the
security issue and am requesting quota restoration.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ABOUT MY APPLICATION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
My chatbot serves:
- Organization: Lao Cai International Railway Border Gate Customs Authority
- Country: Vietnam
- Purpose: Help citizens and businesses understand customs procedures, regulations, and requirements
- Users: Importers, exporters, logistics companies operating through Lao Cai
international railway border gate
- Usage: Approximately 50-100 queries/day
- Commercial: NO - This is a free public government service
- Revenue: NONE
The chatbot answers questions based on official Vietnamese customs regulations
(Decree 167/2025/ND-CP) and helps reduce workload on customs officers
while improving public service quality.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
MY REQUEST
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
I respectfully request Google AI Team to:
1. RESTORE the free tier quota for my
Gmail account:
haiquanckgadsqtlc@gmail.com
2. OR whitelist my new Google Cloud project so new API keys work normally
3. OR advise on the correct process to restore access
I understand this restriction exists to prevent API key abuse, and I fully
support Google's security policies. The exposure was completely accidental and I have taken all necessary steps to secure my credentials.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SECURITY MEASURES NOW IN PLACE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Going forward, I have implemented:
✅ GitHub repository is now PRIVATE
✅ API keys stored in Vercel Environment Variables (not in code)
✅ No API keys in any configuration files
✅ Regular key rotation policy established
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Thank you very much for your time and assistance. I look forward to
your response.
Best regards,
Customs Officer - IT Department Lao Cai International Railway Border Gate Customs Authority
Email: haiquanckgadsqtlc@gmail.com
Vietnam
