A client key is how you can enable your application or website to use ThinkGeo Cloud resources on your behalf. There are two types of client keys for different kinds of applications: NativeConfidential and JavaScript. You can have as many clients in your account as you like. Here below is the comparison between the two.

There are 2 different kinds of keys you can apply for your application: NativeConfidential, which is intended to be used in natively compiled applications or web services, and JavaScript, which is intended to be used in web applications. Here below is the comparison between the two.

You can log in to the ThinkGeo Cloud with your ThinkGeo account, the same one you can use to access our community forums. If you don't have a ThinkGeo account yet, sign up for one here.

Then, visit the ThinkGeo Cloud web console login page at https://cloud.thinkgeo.com/login.html and click the “Login with ThinkGeo Account” button.

Once logged in, click on the “Clients” button on the menu bar.

New ThinkGeo Cloud accounts come with two clients, one is NativeConfidential and the other is JavaScript, which you can use to quickly get started. Click on the green Show Keys button and the ClientId & Client Secret (for NativeConfidential Key) or JavaScript API Key (for JavaScript Client Key) will show up and ready to use.

A new key is needed if it's to be used in production. Here is how to create one.

Click on “Add Client” button and here pops up the “Create Client” button as follows:

• Name: The name of the client key, to be easily recognized.
• Granted Roles:
• Type: JavaScript or NativeConfidential
• JavaScript clients can whitelist usage by Origin Domain (e.g. mywebsite.com) or IP Address/IP Range (e.g. 203.0.113.78). NativeConfidential clients can use IP Address/IP Range restriction only.

JavaScript clients can whitelist individual origin URIs (e.g. mywebsite.com) that are allowed to use the client. This is useful for web applications that are hosted on a particular domain, where no other web address should be allowed to use your client. You can enter:

• specific web domain, e.g. mywebsite.com
• Wildcards to represent all subdomains of a given domain, e.g. *.mywebsite.com

JavaScript and NativeConfidential clients can whitelist individual IP addresses or IP address ranges that are allowed to use the client. You can enter:

• A specific IP address, e.g. 203.0.13.55
• An IP range with wildcards, e.g. 203.0.113.*
• CIDR notation, e.g. 203.0.113.0/24

Once Created, you can check the Keys by clicking on the Show Keys button, or modify it by hitting the blue pencil button on the far right.

Authorize with your key and you can play with ThinkGeo Cloud Restful APIs online.

Log in to ThinkGeo Cloud Test Page and click on the green Authorize button.

Available Authorizations window shows up and you can then input either a NativeConfidential(Client ID and Client Secret) or a JavaScript Key, and click the “Authorize” button to finish authorization.

All the APIs on ThinkGeo Cloud Test Page will be available to run online now after hitting the “Try it out” below each API.

To make it even more secure, you can even create your own Token server serving tokens to your own clients. In this way, your clients don't need to hold NativeConfidential Keys at all but only talk to your own server to get the token. It's your token server that holds NativeConfidential Keys (ClientId/ClientSecret) and talks to ThinkGeo to get the tokens. It's not hard to accomplish with ThinkGeo's APIs.