Requesting a Token
Once you have an access key and signature, you can request a token using the token REST API. A typical request includes these elements:
URL
https://account.api.here.com
/oauth2/token
HTTP Header
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth
oauth_consumer_key="<Access Key>",
oauth_nonce="<Random string, uniquely generated for each request>",
oauth_signature="<Signature>",
oauth_signature_method="HMAC-SHA256",
oauth_timestamp="<Epoch seconds>",
oauth_version="1.0"
The parameters in the HTTP header are described in this table.
Parameter | Description |
---|---|
oauth_consumer_key | The access key ID for which you want to generate a token. For instructions on creating an access key, see Setting up your team and permissions. In the credentials file that you download when you create an access key, the access key ID is the value in the here.access.key.id property. |
oauth_nonce | A unique string for this signature. The string cannot have been used in a previous signature. Each request to the Authentication and Authorization API must have a unique signature, and the value in this parameter is what is used to ensure the signature is unique. |
oauth_signature | An OAuth 1.0 HMAC-SHA256 signature. For more information, see Creating a Signature |
oauth_signature_method | Always use "HMAC-SHA256" |
oauth_timestamp | The number of seconds since the Unix epoch at the point the request is generated. The HERE Open Location Platform rejects requests created too far in the past or future. |
oauth_version | Always use "1.0" |
Request Body
The request body must contain:
grant_type=client_credentials
grant_type
must always be client_credentials
.Here is an example request:
POST /oauth2/token HTTP/1.1
Host: account.api.here.com
Authorization: OAuth oauth_consumer_key="1tqA_sample1fLhs2z6_q1l",oauth_signature_method="HMAC-SHA256",oauth_timestamp="1512072698",oauth_nonce="ZGAaMP",oauth_version="1.0",oauth_signature="Q0sample4lqICrx19%2F4ahaH%2Fi2O0NgqDUQJgti5U3Q%3D"
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
Response
The response body contains:
Parameter | Description |
---|---|
access_token | A token you can use to authenticate REST requests. |
token_type | The type of token issued by the Authentication and Authorization API. This value will always be "bearer" since the API issues bearer tokens. |
expires_in | The number of seconds until the token expires. Tokens expire 24 hours after they are issued. |
Here is an example response:
{
"access_token":"VE5URXlJbjAuLmE4S0l4eVpQVE1zbHRwcnQyZ1BSVGcuS3RHT2V...",
"token_type":"bearer",
"expires_in":86399
}
Now that you have a token, continue to Using a Token.