Authentication and Authorization

Before you can use the Data Inspector Library, as well as run the embedded example applications, you need to obtain platform and repository credentials from the HERE platform portal.

Platform Credentials

The local Data Inspector application needs these credentials to authenticate with the platform and access data in catalogs and layers.

Platform credentials are the here.access.key.id and here.access.key.secret from the credentials.properties file downloaded from the portal.

For more information, see the Platform credentials chapter of the Identity and Access Management Guide.

Repository Credentials

You need these credentials to access the HERE Artifactory Repository that serves Data Inspector Library projects from a private npm registry.

Repository credentials are stored in a Maven settings.xml file. You can generate and download this file from the platform portal. Then, place the file into the .m2 folder in your home repository. The username and password tags in settings.xml contain your credentials to the HERE Artifactory Repository.

For more information, see the Repository credentials chapter of the Identity and Access Management Guide.

Basic Authentication Flow

A basic platform authentication flow looks like below:

1. The client app creates a signed request with here.access.key.id and here.access.key.secret.
2. The client app sends a request to the HERE Account.
3. The HERE Account responds with a JWT token for valid credentials.
4. All client app requests are signed by the JWT token.
5. The Data Service authorizes access with the JWT token.

To avoid entering credentials on each app launch, you can use an alternative flow. For protected servers with other means of authentication, such as an intranet login, a token can be returned to a client app.

Use Platform Credentials

Enter your platform credentials into the Authentication form in the local Data Inspector window (for example, when running Data Inspector Library example applications):

First, you must enter the values of the here.access.key.id and here.access.key.secret properties into the Authentication form. You can get these details from your personal credentials.properties file. With this method, the web app automatically generates an access token for you. Once the token has expired, the web app automatically requests a new one.

Then, if you want your app to access catalog data from within a specific project, you'll need the HERE Resource Name (HRN) of that project. Projects are used to track the usage (transfer, storage, compute) of catalogs that are on the credit-usage report. You can get the project HRN you need by going to the Project Manager in the portal.

Note that to work with catalogs and layers, your application needs access permissions that are granted by catalog owners. For more information, see Manage apps.

Auto Connect

This feature is available for both authentication modes. It allows you to persist the connection to the HERE platform.

Once you establish a connection and toggle this switch on, the web app automatically reconnects whenever you refresh your browser window. The web app reuses the credentials of the first successful connection.

Please note that auto connect is disabled after you end your session by closing the tab in your browser.

Use Local Authentication File

This method uses an access key ID and access key secret, but you store them in a config.json file. Using this method, you do not have to enter the details into the Authentication form.

You will find an example of this file called config.json.example in the root directory of the web app. Save a copy of this file as config.json, remove the commented header, and replace the placeholder values with your credentials.

To use this option, select the Use local file option. Fields for entering your access key and secret hide, and the application switches to the local config.json file.