- Products ProductsLocation Services
Solve complex location problems from geofencing to custom routing
PlatformCloud environments for location-centric solution development, data exchange and visualization
Tracking & PositioningFast and accurate tracking and positioning of people and devices, indoors or outdoors
APIs & SDKsEasy to use, scaleable and flexible tools to get going quickly
Developer EcosystemsAccess Location Services on your favorite developer platform ecosystem
- Documentation DocumentationOverview OverviewServices ServicesApplications ApplicationsDevelopment Enablers Development EnablersContent ContentHERE Studio HERE StudioHERE Workspace HERE WorkspaceHERE Marketplace HERE MarketplacePlatform Foundation and Policy Documents Platform Foundation and Policy Documents
- Pricing
- Resources ResourcesTutorials TutorialsExamples ExamplesBlog & Release Announcements Blog & Release AnnouncementsChangelog ChangelogDeveloper Newsletter Developer NewsletterKnowledge Base Knowledge BaseFeature List Feature ListSupport Plans Support PlansSystem Status System StatusLocation Services Coverage Information Location Services Coverage InformationSample Map Data for Students Sample Map Data for Students
- Help
Last Updated: November 18, 2022
Introduction
In this tutorial, we will show you how to add security to your API Keys using “Trusted Domains”. Trusted domains allow you to communicate with HERE’s APIs which domains to accept API requests from. HERE will then ignore all other requests from other domains that may have obtained your keys. By default, any website that uses your HERE API Key can make API calls. If you want to limit access to your key from your domain, then you need to add your domain as trusted on the HERE platform portal.
Note: This may not be the best solution for your environment. Please evaluate your requirements and use the most suitable solution. HERE also supports authentication using OAuth for generating access tokens.
HERE supports adding multiple domains as trusted. Each domain can have a maximum of 20 subdomains. If you need to add more subdomains, please contact us at selfservesupport@here.com.
Pre-Reqs
- HERE platform account. If you don’t have an account, you can sign-up at platform.here.com
- Publicly hosted domain name using HERE APIs with a valid DNS name. To learn more about DNS Names see this article from Wikipedia.
How to add Trusted Domains
- Login to platform.here.com
- Navigate to the Projects section or by clicking on platform.here.com/projects and then select your project.
- After selecting the project, you will be able to see the checkbox under JAVASCRIPT section like below:
Please select the checkbox and you will see a popup and click on ok. 
- Enter your DNS name to add as trusted and click on
SAVE
You can remove a trusted domain at any time by clicking on - symbol.
Note: It may take up to an hour for trusted domain changes to update.
If the website is not found in the trusted domains list on the HERE platform, API requests will fail. You can see these errors in your web browser’s console.
Securing your API key
A lot has been written on the best practices for securing API keys. We have shown you one way to do that using HERE’s platform portal. If you are interested in learning more about how to secure your API keys check out this article on FreecodeCamp.
Conclusion
By adding your website in trusted domains list, no unauthorized blah blah will be able to use your HERE API keys.
Next Steps
Now that you know how to secure your API using Trusted Domains, check out our OAuth Tutorial to learn how to generate OAuth Bearer Tokens for your backend systems.
Explore more tutorials:
