Trusted domains for secure HERE API calls
Securing API access and credentials is one of the major considerations for application developers. In this blog post, we will be focusing on the importance and process of adding trusted domains on HERE platform. Trusted domains provide an additional layer of security beyond traditional authentication methods, such as API keys. By carefully specifying which websites and applications are authorized to use your credentials, you can significantly reduce the risk of unauthorized access to your data. Let’s get into the what, why, and how of adding trusted domains on the HERE platform.
What are Trusted Domains?
Think of HERE API credentials as expensive concert tickets. By default, these tickets are essentially general admissions, open to anyone who holds them (like anyone making API calls). Adding trusted domains is like carefully inviting someone (authorized websites and apps) to your VIP list. By specifying which websites and applications are allowed to use your credentials, you significantly mitigate the risk of unauthorized access to your data. This extra level of security, beyond the API keys, filters out any gatecrashers.
How to Add Trusted Domains on the HERE Platform?
HERE platform provides two ways to authenticate your applications – API keys and OAuth tokens. Trusted domains work only with API keys and are not enforced when OAuth tokens are used. They limit the use of API keys to the sites you specify. API calls originating from any other sites are rejected.
Trusted domains are managed from your HERE platform account. Following are the detailed steps:
- Log in to your HERE platform account.
- Open the Launcher from the top right and select Access Manager. Access Manager allows you to manage users, groups, apps and permissions.
- Within Access Manager, open Apps and select the app you would like to add trusted domains for.
- Within the app, you can find the tab for Trusted domains.
- Toggle ‘Enable Trusted domains’ to start limiting the API key usage.
- In the text box, add the URLs of domains that should freely access the API key for this app. That’s it!
Additional Considerations
- If no URLs are added in the list, any domain can make calls using the API key.
- You can add 20 domains in list using this user interface.
- Up to 3000 trusted domains can be added per application, however, if you need to add than 20, you will need to use HERE platform CLI (command line interface).
Migrating to HERE platform
If you are migrating from Developer Portal account to HERE platform account, check each project for the Trusted Domains feature. If you have previously set domains with path (for example, myroutingapp.com/showroute), you will need to update them to just use the domain (for example, myroutingapp.com). HERE platform supports only domains without paths.
Conclusion
Security is an ongoing process, so regularly review and update your trusted domains list and API keys. Trusted domains offer an additional layer of security for your HERE applications. We encourage you to try this quick tutorial and implement trusted domains to make your applications more secure.
Have your say
Sign up for our newsletter
Why sign up:
- Latest offers and discounts
- Tailored content delivered weekly
- Exclusive events
- One click to unsubscribe