Authentication
Learn how to authenticate your API requests
Authentication
The Bubbly Maps API supports two authentication methods:
- Session-based authentication - For users logged into the web application
- API Token authentication - For programmatic access
API Token Authentication
For API access, you can use an API token in the Authorization header.
Getting an API Token
Contact the Bubbly Maps team to obtain an API token for your application.
Using the API Token
Include the token in the Authorization header with the Bearer scheme:
curl -X POST https://bubblymaps.org/api/waypoints \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-d '{"name": "Example Fountain", "latitude": 40.7128, "longitude": -74.0060}'JavaScript Example
fetch('https://bubblymaps.org/api/waypoints', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer YOUR_API_TOKEN'
},
body: JSON.stringify({
name: 'Example Fountain',
latitude: 40.7128,
longitude: -74.0060
})
});Session Authentication
When using the web application, authentication is handled automatically through session cookies. No additional headers are required.
API Token Privileges
API tokens have extended privileges compared to regular user sessions:
- Can set
approved,verified, andaddedByUserIdfields when creating or updating waypoints - Bypass XP (experience points) requirements
- Can perform administrative actions
Security Best Practices
Keep your API token secure! Never expose your API token in client-side code or public repositories.
- Store API tokens securely (e.g., environment variables)
- Rotate tokens periodically
- Use HTTPS for all API requests
- Limit token scope to specific applications or services