Places (Search) API Developer's Guide

Cross-Domain JavaScript Requests

Often, browsers prevent access to certain servers due to security restrictions. Cross-Domain JavaScript Requests allow developers to work around security restrictions that would prevent an application from contacting Places (Search) API directly. For example, certain location information might not be retrievable without enabling this method. In order to allow full access to servers, the Places (Search) API provides a mechanism to enable client-side cross-origin requests that allow JavaScript resources to be fetched from another domain.

For details on how this mechanism operates, see Cross-Origin Resource Sharing. Places (Search) API currently uses all headers and parameters of this mechanism.

In order to support browser platforms which do not yet implement Cross-Origin Resource Sharing, GET requests can alternatively be made using JSONP. To use JSONP, your application simply supplies the name of its callback function in the callback query string parameter. When making a JSONP request, parameters that would normally be sent as HTTP headers can be passed as query string parameters instead.

For example, to use JSONP to request German-language results with a callback named myCallbackFunction, you could make a request like the example below:

GET https://places.ls.hereapi.com/places/v1/discover/search?at=52.5044,13.3909
&q=restaurant
&apiKey={YOUR_API_KEY}
&pretty
&callback=myCallbackFunction
&Accept-Language=de

Note: The examples in this section use a HERE API Key to authenticate your request. For the available authentication options, see the Identity & Access Management Developer Guide.

Note: The JSONP mechanism only works for GET requests. POST requests can only be made using the Cross-Origin Resource Sharing mechanism discussed above.