If your deployment is public facing, we recommend adding HTTP referrer restrictions/ IP restrictions. This will ensure that only requests from approved domain/ IP addresses are successful and everything else returns with an 'Access Restricted' error. To do this:

  1. Login to the LocationIQ dashboard
  2. Please navigate to the 'API Access Tokens' tab
  3. Select the token of your choice and click 'View'

You'll find authorized HTTP referrers and IP addresses here. If you want to update this:

  • Click 'Update'
  • Modify approved referrers/ IP addresses
  • Click 'Update'

You can define a list of URLs authorized to call our APIs or Maps with an access token. If not specified or empty, the API will default to any URL. URLs can be targeted by matching a prefix or a suffix using the * character. For multiple HTTP referrers, specify one pattern per line.

A few examples:

  • "https://example.com/* will restrict access to all referrers starting with https://example.com
  • *.example.com will restrict access to all referrers ending with .example.com
  • If you want to allow access for the full domain example.com, you can use *example.com/*