In this tutorial we will show you how to secure HERE API keys. Please note: This may not be the best way for your solution. Please evaluate your requirements and use the best method for your operating environment. HERE also supports OAuth for generating access tokens.
In this tutorial we will show you how to add security to your API Keys. For this we use a method called "Domain Whitelisting." Domain whitelisting allows you to tell HERE's APIs from which domains to accept API requests. HERE will then ignore all other requests from other Domains that may have obtained your keys.
If you have multiple domains, you are in luck, HERE supports that as well. Lets get started.
By default, any website with your HERE Developer API Key may make API calls using your key.
If you want to limit access to your key from your domain, then you need to whitelist your domain on the HERE Developer Portal. You can whitelist your domain by following the tutorial below and adding it to the projects page section on the Developer Portal. You can add multiple domains but only a maximum 20 subdomains for each domain.
If you want to add more sub domains, you can contact us at email@example.com.
After adding the domain in your whitelist, it may take up to an hour for the changes to go into effect.
If the domain is not found in the whitelist on the HERE Developer Portal, API requests will fail. You can see these errors in your web browser’s console.
To whitelist a domain:
Login to developer.here.com
Navigate to the Projects section or by clicking on developer.here.com/projects and then select your project.
Please select the checkbox and you will see a popup and click on ok.
Enter your DNS name to whitelist and click on
Note: You can remove a whitelisted domain at any time by clicking on
A lot has been written on the best practices for securing API keys. We have shown you one way to do that using HERE's Developer Portal. If you are interested in learning more about how to secure your API keys check out this article on FreecodeCamp.
Now that you know how to secure your API using Domain Whitelisting, check out our OAuth Tutorial which teaches you how to generate OAuth Bearer Tokens for your backend systems.
Explore more tutorials: