Secure your LocationIQ Maps deployment with Access tokens!

LocationIQ Maps access token

We would like to thank our users for the overwhelmingly positive response for our Maps API launch! We’ve received a ton of appreciation and feedback about our service. The appreciation helps us morally, and the feedback helps us set our goals for the future. 🙂

Thanks to that feedback; today, we’re launching an access-token system to address important security issues.

When you sign up for an account at LocationIQ, you get a private token sent to your mail. This is your key to the user dashboard and to our API. Our recent launch of Maps, had us looking at this system from a different perspective. Private tokens are just that; private, not to be shared or used in an application that is accessible the public. For deployments that require client-side requests, giving out a private token is risky – anyone out there can see and use it.

An access token solves this by giving a user the ability to:

  • use access tokens in multiple deployments and keep track of individual usage
  • use access tokens in public-facing deployments
  • create new access tokens and cycle through it to keep things secure
  • whitelist specific domains

LocationIQ private token vs access token

How to create an access token?

  1. Login to your user dashboard. (Link)
  2. Click on the ‘Account Details’ tab [Update: Please click on ‘Access tokens’ tab]
  3. Click on ‘Create Access Token’
  4. Fill in a desired label. (eg. iOS, Web app, Android app etc..)
  5. Click ‘Create’

We’ve also put up a quick 25 second guide below. (okay, its 28 seconds. 25 just sounds better)


Need info on best practices? Write to us at [email protected], or just leave us a message on our contact page.