News and Updates

Announcing Two New Authentication Types

By Michael Palermo | 11 December 2019

Try HERE Maps

Create a free API key to build location-aware apps and services.

Get Started

We are pleased to announce two new types of authentication for HERE location services: API Keys and OAuth 2.0 Tokens. These new types of authentication are available now!

To utilize our new security types, you will need a developer account. If you do not have one, you can register here:

HERE Developer account (https://developer.here.com)

 

Why change?

HERE recommends use of API Keys or OAuth 2.0 Tokens for improved security. APP CODE credentials are the least secure of the authentication credential types. Existing accounts using APP CODE credentials will continue to be supported. However, we encourage you to start transitioning to the new authentication types to take advantage of improved security.

The first step in selecting an authentication model is to generate the app. The screen capture below shows a new developer account project page with "Generate App" buttons for products such as JavaScript and REST:

2019profile_new

Once an app is generated, you can now choose which authentication model the product supports. For example, the JavaScript product supports API Keys, while REST supports API Keys and OAuth 2.0 Tokens. Let's learn a little more about each option.

 

API Keys

API Key credentials provide for simple and secure authentication of your application. Utilize the API Key credentials key-rotation feature to ensure continued security of your application over time. This is done by creating a second API Key for your application and deleting the original key when it is no longer required. You can use a maximum of two API Keys at once for each application.

The following screen capture shows an app has been generated for JavaScript, and a "Create API key" button is now enabled:

2019js_new_app

To generate the API Key, click the "Create API key" button. The resulting API Key credential is provided as shown here:

2019js_new_api_key

Let's learn a little more about the next option.

 

OAuth 2.0 Tokens

HERE Token Credentials conform to the OAuth 2.0 industry standard protocol for Bearer Access Tokens. HERE provides REST APIs to obtain these secure access tokens that may be used for up to 24 hours by your application for the purpose of authenticating requests to the HERE platform.

In REST, after generating an app, click the "Create credentials" button. You will get confirmation of credentials as shown here:

2019rest_oauth


Important Note

With the introduction of OAuth 2.0 Token and API Key authentication types there are also new domain names for HERE services. In order to use the new authentication types please use the domain names listed here.    

Summary

HERE has introduced the use of API Keys or OAuth 2.0 Tokens for improved security.

  • Existing accounts using APP CODE credentials will continue to be supported.
  • For HERE SDK for IOS & Android (Starter & Premium Edition), only APP CODE credentials are supported.
  • All other newly generated apps will require API Key or OAuth 2.0 Token credentials.
More detailed information about all authentication types for HERE services can be found at our Authentication and Authorization Developer Guide.