API keys

Note

This topic describes how to use API keys on the HERE platform. For instructions on using API keys on the HERE developer portal, see API keys.

HERE API keys provide simple and secure authentication of your application. Utilize the API key credentials key-rotation feature to ensure continued security of your application over time. This is done by creating a second API key for your application and deleting the original key when it is no longer required. You can use a maximum of two API keys at once for each application.

Note

If you have already created an app or you are working with an existing group app, skip Step 1: Register your app.

Step 1: Register your app

  1. If you don't already have a HERE account, see Get a HERE account.
  2. Sign in to the HERE platform.
  3. Open the Access Manager from the Launcher.
  4. On the Apps tab, click Register new app and provide the requested information.
  5. Click Register. The platform creates a new app with a unique app ID.
  6. On the Credentials tab, select API Keys and then click Create API key to generate a maximum of two API Keys for your application authentication credentials. The API key is created and displayed.

Note

Your application and associated authentication credentials are specific to your app and don't inherit your user permissions or group memberships. See Manage Apps.

Step 2: Get an API key

  1. Sign in to the HERE platform.
  2. Open the Access Manager from the Launcher.
  3. On the Apps tab, click the app you created in Step 1 or an existing app for which you want to generate an API key.
  4. On the Credentials tab, select API Keys then click Create API key. You can generate a maximum of two API Keys for your app. The API key is created and displayed.

Note

If you are using a previously created app and do not see the Credentials tab or it is greyed out, you may not have manager permissions for this app.

Step 3: Use the API key

To use the API key in a request, specify the key in the apiKey parameter in the request:

Example

https://geocode.search.hereapi.com/v1/geocode
?q=240+Washington+St.%2C+Boston
&limit=4
&apiKey={YOUR_API_KEY}

Trusted domains

API key credentials assurance

Trusted domains enable you to limit the use of your API Key credentials to the sites you specify. By default, any website can make requests to subscribed HERE services using your API Key. Add domains for each site that will make API calls with your API Key credentials. Each site you add must be a valid URI and include a domain name or IPv4 address. Any protocol (http/https) and port provided will also be used during validation.

Examples of acceptable entries

https://production.example.com:1080
example.com
93.184.216.34
http://www.example.com

Steps to configure trusted domains

  1. Sign in to the HERE platform.
  2. Open the Access Manager from the Launcher.
  3. On the Apps tab, click the app you created in Step 1 or an existing app for which you want to configure trusted domains.
  4. On the Trusted domains tab, specify and add up to 20 domains that you trust for your API Key credentials. If you need to specify more than 20 domains, please manage the list with the Platform CLI.
  5. After confirming your list of trusted domains, toggle "ENABLE TRUSTED DOMAINS" on.

Note

Enabling trusted domains when no domains are defined will prevent the app from being available.

Now any service configured to use the API Keys defined on the app will be limited to just the trusted domains you specified. Simply toggle "ENABLE TRUSTED DOMAINS" off to disable trusted domains.

Note

It may take up to 30 minutes for any configuration change to trusted domains to be in force. This means, for example, that tests performed within this timeframe may not return the expected results.

results matching ""

    No results matching ""