Authentication

API Key authentication allows you to consume Nearmap imagery in an application without having to provide your Nearmap username and password as authentication credentials. Instead you include an API Key, a unique long string associated with a particular user on your Nearmap account, in all requests to Nearmap endpoints by appending it to a URL.

Nearmap APIs come with in-built API Key authentication, which means you do not have to provide your Nearmap username and password as authentication credentials. As a Nearmap user, you can create your own API key in MyAccount so you can use Nearmap imagery in other applications.

Why use API key authentication

API Key authentication has the following advantages over providing username and password when integrating with Nearmap imagery:

  • More secure: some existing applications do not provide a means of passing through username and password in a secure manner. API Key authentication is a more secure approach than using HTTP Basic Authentication or appending username and password directly to a URL.
  • More integrations possible: some existing applications do not provide a means of passing through username and password at all, and as such have not been able to consume Nearmap imagery. Many of those applications will work with an API Key.
  • Simpler: for customer applications, API Key authentication is a simpler approach than programmatically generating an access ticket that has to be periodically refreshed or programmatically revoked. Using an API Key may eliminate the need for any server-side programming for simple web applications.

Organizing your integrations

There are two key components to Nearmap API Key authentication:

  1. API Applications: Applications allow you to organize your Nearmap integrations, and to set different access restrictions for different integrations. You can have as many API Applications as you need on your Nearmap account. You must be a Nearmap administrator to create and manage API Applications.
  2. API Keys: Every user on a Nearmap account can create one API Key for each API Application on that account. Usage accrued by an integration that uses an API Key will be a recorded against the user who owns that API Key.

Managing API keys

Manage API keys using the simple interface in MyAccount; an API call is not required to create an API key.

To create an API key, you must select an application. If there are no applications to associate with an API key, or the application you want is not there, contact your organization's Nearmap administrator.

Alternatively, learn how to create or manage an API application as a Nearmap Administrator.

Validity

An API key is valid until you delete it. However, it may need to be updated periodically. Hover over the API key name to check its expiry date and refresh your key when it reaches the expiry date.

Usage

API key authentication works for both desktop and custom web applications. If your application supports using map content via any of the supported Nearmap interface, such as WMS, you should be able to integrate Nearmap imagery with minimal configuration.

Configuration

You can configure an API key so that it can only be used from a restricted set of IP addresses or applications. See Manage API Applications for details.

Restrictions

By design, you cannot use an API key to log into Nearmap MapBrowser and MyAccount. You must use your Nearmap user name and password to log into these applications.

Common Usage Scenarios

API Applications and API Keys together provide a flexible means of organizing your Nearmap integrations. Here are some common usage scenarios:

  • Existing GIS application (e.g. Esri ArcGIS for Desktop): you could have one API Application for all your GIS applications, or alternatively one for each application, if they had different access restrictions. Each user of the GIS application may use their own distinct API Key.
  • Custom web application: you could have just a single API Application, or alternatively you could have separate API Applications for your different hosting environments – for example, development, staging, production. All usage of Nearmap imagery is via one single API Key. Commonly you would create a separate Nearmap user that only consumed imagery via that API Key.

Support for Legacy Authentication Methods

We no longer provide support for integrations using legacy authentication mechanisms:

  • Ticket-based authentication
  • HTTP Basic authentication
  • Username and password in a URL