We would like to thank our users for the overwhelmingly positive response for our Maps API launch! We’ve received a ton of appreciation and feedback about our service. The appreciation helps us morally, and the feedback helps us set our goals for the future. 🙂
Thanks to that feedback; today, we’re launching an access-token system to address important security issues.
When you sign up for an account at LocationIQ, you get a private token sent to your mail. This is your key to the user dashboard and to our API. Our recent launch of Maps, had us looking at this system from a different perspective. Private tokens are just that; private, not to be shared or used in an application that is accessible the public. For deployments that require client-side requests, giving out a private token is risky – anyone out there can see and use it.
An access token solves this by giving a user the ability to:
- use access tokens in multiple deployments and keep track of individual usage
- use access tokens in public-facing deployments
- create new access tokens and cycle through it to keep things secure
- whitelist specific domains
How to create an access token?
- Login to your user dashboard. (Link)
Click on the ‘Account Details’ tab[Update: Please click on ‘Access tokens’ tab]- Click on ‘Create Access Token’
- Fill in a desired label. (eg. iOS, Web app, Android app etc..)
- Click ‘Create’
We’ve also put up a quick 25 second guide below. (okay, its 28 seconds. 25 just sounds better)
Need info on best practices? Write to us at [email protected], or just leave us a message on our contact page.