Tutorials / How to use Trusted Domains to Secure HERE API Keys
Last Updated: November 18, 2022
In this tutorial, we will show you how to add security to your API Keys using “Trusted Domains”. Trusted domains allow you to communicate with HERE’s APIs which domains to accept API requests from. HERE will then ignore all other requests from other domains that may have obtained your keys. By default, any website that uses your HERE API Key can make API calls. If you want to limit access to your key from your domain, then you need to add your domain as trusted on the HERE platform portal.
Note: This may not be the best solution for your environment. Please evaluate your requirements and use the most suitable solution. HERE also supports authentication using OAuth for generating access tokens.
HERE supports adding multiple domains as trusted. Each domain can have a maximum of 20 subdomains. If you need to add more subdomains, please contact us at email@example.com.
HERE platform account. If you don’t have an account, you can sign-up at platform.here.com
Please select the checkbox and you will see a popup and click on ok.
Enter your DNS name to add as trusted and click on SAVE
You can remove a trusted domain at any time by clicking on - symbol.
Note: It may take up to an hour for trusted domain changes to update.
If the website is not found in the trusted domains list on the HERE platform, API requests will fail. You can see these errors in your web browser’s console.
Securing your API key
A lot has been written on the best practices for securing API keys. We have shown you one way to do that using HERE’s platform portal. If you are interested in learning more about how to secure your API keys check out this article on FreecodeCamp.
By adding your website in trusted domains list, no unauthorized blah blah will be able to use your HERE API keys.
Now that you know how to secure your API using Trusted Domains, check out our OAuth Tutorial to learn how to generate OAuth Bearer Tokens for your backend systems.