Authentication Service Token

  • All API requests must be authenticated using an API key or signature made with service token.
  • All Service API requests must be submitted with the “Authorization” header containing the service token.

Usage of the Service token is the most secure way, while ensuring correct HTTPS transmission.

When to use a service token with public APIs

Service tokens are ideal for use in desktop, server, or mobile applications. They add a digital signature to each request, so it’s impossible to steal the credentials during transmission. The secret token provided as part of your credentials is much more secure and prevents misuse. It is designed for internal use in companies to manage MapTiler account.

If you want to add new tilesets, update them, change their metadata, or delete them, read Managing maps using the Service API.

Do not use this type of authorization in environments where the source code of your application is visible to the potential attacker (such as client-side web applications). Keep this token private – treat it the same way as you would a password.

If your source code is visible, always use API key instead.

Get your service token

To create a service token, go to your MapTiler account, page Credentials. Create New Credential and copy the token. The token will look like this (but you need yours):

cd43c591d8404400a11e2fre48afedc9_f80f4be2adf86dfb6bc489229669877d6cfcad293f48ffe6e77898f25ab65607

To learn how to use the token, go to: