Differences

This shows you the differences between two versions of the page.

--- thinkgeo_cloud_keys_guideline [2019/02/05 22:47]
benbai [Use the Pre-Generated Test Keys]
+++ thinkgeo_cloud_keys_guideline [2019/02/06 21:26] (current)
benbai
@@ Line 1: / Line 1: @@
-=====Apply a Client Key =====
+=====Use a ThinkGeo Cloud Client Key =====
-A client is how you can enable your application or website to use ThinkGeo Cloud resources on your behalf.  There are two types of clients for different kinds of applications: NativeConfidential and JavaScript.  You can have as many clients in your account as you like. Here below is the comparison between the two.
+A ThinkGeo Cloud Client Key is how you can enable your application or website to use ThinkGeo Cloud resources on your behalf.  You can have as many client keys in your account as you like. Different application or website can use different keys or share the same one.
-====Apply the Right Key for your Application====
-There are 2 different kinds of keys you can apply for your application: NativeConfidential, which is intended to be used in natively compiled applications or web services, and JavaScript, which is intended to be used in web applications. Here below is the comparison between the two.
+====Use the Pre-Generated Test Keys ====
+Two test clients have been pre-generated for a new ThinkGeo Account. Here is how to get them:
+First, Log in to the ThinkGeo Cloud with your ThinkGeo account, the same one you can use to access our [[http://community.thinkgeo.com/|community forums]].  If you don't have a ThinkGeo account yet, [[https://singlepoint.thinkgeo.com/registration|sign up for one here]].
+Then, visit the ThinkGeo Cloud web console login page at https://cloud.thinkgeo.com/login.html and click the "Login with ThinkGeo Account" button.
+[[https://cloud.thinkgeo.com/login.html|{{:thinkgeo_cloud_login_page.png?nolink&500}}]]
+Once logged in, click on the "Clients" button on the menu bar.
+{{::thinkgeo_cloud_dashboard.png}}
+New ThinkGeo Cloud accounts come with two clients, one is NativeConfidential and the other is JavaScript, which you can use to quickly get started. Click on the green **Show Keys** button and the ClientId & Client Secret (for NativeConfidential Key) or JavaScript API Key (for JavaScript Client Key) will show up and ready to use. Hit the blue pencil button on the far right to modify it.
+{{::thinkgeo_cloud_clientlist.png}}
+====NativeConfidential and JavasScript Client Keys====
+There are two different kinds of client keys you can apply for your application: NativeConfidential, which is intended to be used in natively compiled applications or web services; and JavaScript, which is intended to be used in web applications. Here below is the comparison between the two.
 === ===
 <div dokuteaser>
->NativeConfidential Client Key
+<html>
+<span style="black;font-size:130%;"><b>NativeConfidential Client Keys</b></span>
+</html>
 </div>
 <div dokuteaser>
->JavaScript Client Key
+<html>
+<span style="black;font-size:130%;"><b>JavaScript Client Keys</b></span>
+</html>
 </div>
-=== Use Scenarios===
+<div dokuteaser>
+Intended to be used in natively compiled applications or web services where the secret can be kept confidential.
+</div>
 <div dokuteaser>
->Intended to be used in natively compiled applications or web services where the secret can be kept confidential.
+Intended to be used in web applications.
 </div>
+=== Accessibilities to the Restful APIs ===
 <div dokuteaser>
->Intended to be used in web applications.
+Have full access to all the APIs you do, including those which manage clients and your user profile.
 </div>
-=== Accessibilities to the Restful APIs ===
+<div dokuteaser>
+Can only access ThinkGeo Cloud plugins like elevation or the reverse geocoder.
+</div>
+=== What does its key look like===
 <div dokuteaser>
->Have full access to all the APIs you do, including those which manage clients and your user profile.
+Two Base64 encoded string, one is for Client ID and the other is for Client Secret.
 </div>
 <div dokuteaser>
->Can only access ThinkGeo Cloud plugins like elevation or the reverse geocoder.
+One Base64 encoded string as APIKey.
 </div>
@@ Line 37: / Line 67: @@
 <div dokuteaser>
->These clients are called “NativeConfidential” because their secret key must be kept confidential, and thus they are only suitable for use in natively compiled applications or web services where the secret can be kept confidential, out of the hands of users.If unauthorized users gain access to both of them, they can use your client in their own applications and the API usage will count against your ThinkGeo Cloud account
+These clients are called “NativeConfidential” because their secret key must be kept confidential, and thus they are only suitable for use in natively compiled applications or web services where the secret can be kept confidential, out of the hands of users. If unauthorized users gain access to both of them, they can use your client in their own applications and the API usage will count against your ThinkGeo Cloud account
 </div>
 <div dokuteaser>
->A JavaScript client's ID does not need to be kept confidential since they are intended for use in browser-based applications where a secret cannot be kept secure. but you should restrict the client so that it can only be used from web domains you control.
+A JavaScript client's ID does not need to be kept confidential since they are intended for use in browser-based applications where a secret cannot be kept secure. But you should restrict the client so that it can only be used from web domains you control.
 </div>
@@ Line 47: / Line 77: @@
 <div dokuteaser>
->They will authenticate by exchanging their ID and secret key for an identity token. Then, they will use that token to make requests to the ThinkGeo Cloud APIs.
+They will authenticate by exchanging their ID and secret key for an identity token. Then, they will use that token to make requests to the ThinkGeo Cloud APIs.
 </div>
 <div dokuteaser>
->You only need to include the client ID in the URL of the API you are requesting – no tokens are required
+You only need to include the client ID in the URL of the API you are requesting – no tokens are required
 </div>
-====Use the Pre-Generated Test Keys ====
+====Create a New Client====
-You can log in to the ThinkGeo Cloud with your ThinkGeo account, the same one you can use to access our [[http://community.thinkgeo.com/|community forums]].  If you don't have a ThinkGeo account yet, [[https://singlepoint.thinkgeo.com/registration|sign up for one here]].
+Besides using the pre-generated 2 clients, you can create as many new clients as you want.
-Then, visit the ThinkGeo Cloud web console login page at https://cloud.thinkgeo.com/login.html and click the "Login with ThinkGeo Account" button.
+Click on "Add Client" button and here pops up the "Create Client" window as follows:
+{{::thinkgeo_cloud_create_client_javascript.png?nolink&500|}}
-Once logged in, click on the "Clients" button on the menu bar.
+  * **Name**: The name of this client, to be easily recognized.
+  * **Granted Roles**: The security roles which will be granted to this client. Each client you create is able to have up to the same security roles your account has. When clients are created, they default to having all of the roles your account has.
+  * **Type**: JavaScript or NativeConfidential
+      * JavaScript clients can whitelist usage by Origin Domain (e.g. mywebsite.com) or IP Address/IP Range (e.g. 203.0.113.78). NativeConfidential clients can use IP Address/IP Range restriction only.
-{{::thinkgeo_cloud_dashboard.png}}
+Once created, you can also check out the Keys by clicking on the Show Keys button on the same line, or modify it by hitting the blue pencil button on the far right.
-New ThinkGeo Cloud accounts come with two clients, one is NativeConfidential and the other is JavaScript, which you can use to quickly get started. Click on the green **Show Keys** button and the ClientId & Client Secret (for NativeConfidential Key) or JavaScript API Key (for JavaScript Client Key) will show up and ready to use.
+**More about Granted Roles: **
-{{::thinkgeo_cloud_clientlist.png}}
+As an account holder, you typically have two roles assigned to your account: “User”, and either “Evaluator” or “Subscriber” depending on whether or not you’ve paid us.  These roles provide access to different APIs as follows:
+  * The “User” role offers access to get and update your account profile, check your transaction statistics, see the status of your restriction quota (free evaluators are limited to 10,000 hits per day), and log into the web console.
+  * The “Evaluator” and “Subscriber” offer access to the actual services themselves: vector and raster tiles, WMS, elevation, geocoding and reverse geocoding, and so on.
-====Apply a New Key====
+Each client you create is able to have up to the same security roles your account has.  So if you have “User” and “Evaluator”, all of your clients can have those roles too – but you can also set a client to have fewer permissions than you if you want to lock it down further.  For example, if you’re only going to use your client to consume our services, and you won’t be using it to get account or statistics information, you could remove “User” from the Granted Roles dropdown.
-A new key is needed if it's to be used in production. Here is how to create one.
-Click on "Add Client" button and here pops up the "Create Client" button as follows:
+For the most part, customers will never have to mess with this.  When clients are created, they default to having all of the roles your account has.  The only thing you might realistically ever want to do is remove “User” for extra security, but it’s not a big deal if you don’t.
-{{::thinkgeo_cloud_create_client_javascript.png?nolink&500|}}
-  * Name: The name of the client key, to be easily recognized.
+**More about Client Key White List:**
-  * Granted Roles:
-  * Type: JavaScript or NativeConfidential
-  * JavaScript clients can whitelist usage by Origin Domain (e.g. mywebsite.com) or IP Address/IP Range (e.g. 203.0.113.78). NativeConfidential clients can use IP Address/IP Range restriction only.
-==More about Client Key Whitelist==
 JavaScript clients can whitelist individual origin URIs (e.g. mywebsite.com) that are allowed to use the client. This is useful for web applications that are hosted on a particular domain, where no other web address should be allowed to use your client. You can enter:
   * specific web domain, e.g. mywebsite.com
@@ Line 86: / Line 116: @@
           * An IP range with wildcards, e.g. 203.0.113.*
           * CIDR notation, e.g. 203.0.113.0/24
-Once Created, you can check the Keys by clicking on the Show Keys button, or modify it by hitting the blue pencil button on the far right.
 ====Play with ThinkGeo Cloud Restful APIs Online====
@@ Line 98: / Line 125: @@
 {{::thinkgeo_cloud_api_test_page.png?400}}
-Available Authorizations window shows up and you can then input either a NativeConfidential(Client ID and Client Secret) or a JavaScript Key, and click the "Authorize" button to finish authorization.
+Available Authorizations window shows up and you can then input either a NativeConfidential(Client ID and Client Secret combination) or a JavaScript Key, and click the "Authorize" button to finish authorization.
 {{::thinkgeo_cloud_available_authorizations_native_confidential.png?400}}
@@ Line 106: / Line 133: @@
 ====Advanced Usages ====
-To make it even more secure, you can even create your own Token server serving tokens to your own clients. In this way, your clients don't need to hold NativeConfidential Keys at all but only talk to your own server to get the token. It's your token server that holds NativeConfidential Keys (ClientId/ClientSecret) and talks to ThinkGeo to get the tokens. It's not hard to accomplish with ThinkGeo's APIs.
+To make it even more secure, you can even create your own Token server serving your clients. In this way, your application doesn't need to hold NativeConfidential Keys and talk to ThinkGeo Server, instead it just talk to your own server to get the token. It's your token server that holds NativeConfidential Keys (ClientId/ClientSecret) and get the tokens from ThinkGeo.

User Tools

Site Tools

Differences

Page Tools