LogoLogo
OS Docs HomeOS NGDOS APIsOS Download ProductsMore than MapsOS Data Hub
  • Introduction to OS APIs
  • Core Concepts
    • Getting started with an API project
    • Authentication
    • Error codes
    • Rate-limiting policy
    • OS API branding
    • Service level agreements
    • Service availability dashboard
  • Accessing OS APIs
    • OS Maps API
      • Layers and styles
      • Getting started
        • ESRI ArcGIS Online
        • ESRI ArcGIS Pro
        • ESRI ArcMap
        • Cadcorp SIS
        • MapInfo Pro
        • QGIS
      • Technical specification
        • ZXY
        • WMTS
      • Code examples
    • OS Vector Tile API
      • What data is available?
      • Getting started
        • ESRI ArcGIS Pro
        • Cadcorp SIS
        • QGIS
        • Create a web application using the OS Vector Tile API
      • Technical specification
        • Service Metadata
        • Stylesheet
        • Tile request
      • Code examples
      • Stylesheets
    • OS NGD API – Tiles
    • OS NGD API – Features
    • OS Features API
      • OS Product Archive
      • What data is available?
      • Getting started
        • ArcGIS Online
        • ArcGIS Pro
        • ArcMap
        • Cadcorp SIS
        • MapInfo Pro
        • QGIS
      • Technical specification
        • getCapabilities
        • describeFeatureType
        • getFeature
        • Filtering
        • Paging
        • Empty values
      • Code examples
    • OS Names API
      • Getting started with example queries using Node.js
      • Technical specification
        • Find
        • Nearest
      • Code list
      • Code examples
    • OS Linked Identifiers API
      • What data is available?
      • Getting started with implementing a look-up application
      • Technical specification
        • Identifier
        • Identifier Types
        • Feature Types
        • Product Version Information
      • Code examples
    • OS Places API
      • Getting started with example queries using Node.js
      • Technical specification
        • Find
        • Postcode
        • UPRN
        • Nearest
        • BBOX
        • Radius
        • Polygon
      • Datasets
      • Code lists
      • Code examples
    • OS Match & Cleanse API
      • End of Life Information
      • Getting started with an example match query using Node.js
      • Technical specification
      • Datasets
      • Code lists
    • OS Downloads API
      • Getting started
        • Automating OS OpenData downloads
        • Automating OS Premium data downloads
      • Technical specification
        • OpenData products
        • OpenData product details
        • Download an OpenData product
        • OpenData product image
        • Data packages
        • Data package ID
        • Data package version
        • Data package version ID
        • Download a data package
    • OAuth 2 API
      • Getting started
      • Technical specification
  • Additional resources
    • OS API Wrappers
      • JavaScript
      • Python
      • R
  • Extra Links
    • Accessibility
    • Contact us
    • PSGA Product Summary
    • Terms and conditions
Powered by GitBook
On this page
  • Types of authentication
  • Best practices
  • Monitoring and alerts

Was this helpful?

  1. Core Concepts

Authentication

To use OS APIs you need to authenticate your requests. Before you can authenticate requests you need to add the API into an API Project in the OS Data Hub; this gives you access to a Project API Key and Project API Secret. See Getting started with an API project for more information on setting up your API Project.

Types of authentication

There are three options for authenticating your API requests:

OAuth2

Using OAuth 2 for authentication is a two-stage process. First you use the Project API Key and Secret to create an access token, and then you include the access token in an Authorization header on your API request. The value of the Authorization header should be 'Bearer', a space, and then the access token, e.g. Bearer <accessToken>.

See the OAuth 2 API documentation for detailed instructions on how to create an access token.

HTTP Header

You can choose to authenticate your API request using a HTTP header. The header name should be key, and the value should be the Project API Key.

HTTP Query Parameter

You can choose to authenticate your API request using a HTTP query parameter. The parameter name should be key, and the value should be the Project API Key.

Best practices

  • Keep your API keys and tokens secure at all times.

  • Rotate your keys periodically to minimize the risk of unauthorised access.

Monitoring and alerts

  • Regularly check the usage patterns of your API keys.

  • Set up alerts for unusual or unauthorised activities that could indicate a security breach.

PreviousGetting started with an API projectNextError codes

Last updated 1 year ago

Was this helpful?