Accessing with an API Key method

Occasionally, some operations in API References may not be Authorized by the Access Token Authorization, this is mainly due to the need for such operations to be used in third-party tools and unstrusted services, which shouldn’t get any topoos Access Token or secret app credential.

For example, this can occur if you want to display a track in a Google Map and you are sending the API Get Track Request with KML format directly to Google Map API Service (and the request contains the user secret Access Token!).

For these situations some operations allow access without access token, using instead a token called API_Key. This token is the same that your app CLIENT_ID value.

Because of this, you must consider this before using this access method:

  •  The API_Key does not act as safety mechanism, since CLIENT_ID is not a secret token.
  •  The API_Key does not identify the user who is requesting the execution of the operation, uniquely identifies your application.
  •  When you are using the API_Key in a request, you can access resource using HTTP protocol (not HTTPS), since you will not get advantages of security provided by OAuth 2.0.
  • Before using API_Key method, you must consider if it is really necessary, or if you can use a safer alternative.