User Tools

Site Tools


Getting Started with the ThinkGeo Cloud

ThinkGeo Cloud offers a cloud-hosted suite of APIs that allow you to easily consume map tiles, geocode and reverse geocode, perform spatial operations and other GIS services. Whether you're just evaluating the Thinkgeo Cloud or you're a subscriber, this quick start guide will help you start consuming these services in your own applications.

Logging In

You can login to the ThinkGeo Cloud with your ThinkGeo account, the same one you can use to access our community forums. If you don't have a ThinkGeo account yet, sign up for one here.

Then, visit the ThinkGeo Cloud web console login page at and click the “Login with ThinkGeo Account” button.

The Dashboard

Once logged in, you'll be at the Dashboard page of the ThinkGeo Cloud web console. The Dashboard offers a quick look at the activity of your ThinkGeo Cloud clients over the past 24 hours. If you're a new user, you won't see any activity here.

You’ll want to start your experience by creating a *client* within ThinkGeo Cloud. A client is how you can enable your application or website to use ThinkGeo Cloud resources on your behalf. There are two types of clients for different kinds of applications, and each has its own ID and secret key. You can have as many clients in your account as you like.

To manage your clients, begin by clicking on the “Clients” button on the menu bar.

Managing Your Clients

New ThinkGeo Cloud accounts come with two clients, one of each type, that you can use to quickly get started.

  • NativeConfidential clients have full access to all the APIs you do, including those which manage clients and your user profile. They will authenticate by exchanging their ID and secret key for an identity token. Then, they will use that token to make requests to the ThinkGeo Cloud APIs. These clients are called “NativeConfidential” because their secret key must be kept confidential, and thus they are only suitable for use in native compiled applications or web services where the secret can be kept confidential, out of the hands of users.
  • JavaScript clients are intended to be used in web applications. They are simpler to use but can only access ThinkGeo Cloud plugins like elevation or the reverse geocoder. To use a JavaScript client, you only need to include the client ID in the URL of the API you are requesting – no tokens are required. A JavaScript client's ID does not need to be kept confidential, but you should restrict the client so that it can only be used from web domains you control. See Securing Your Clients below for more information.

For now, let's use one of the default clients that come with your ThinkGeo Cloud account. For this exercise, we'll choose the Native Confidential client called “Sample Native Client”.

To use this client, you'll need its ID (or API Key) and secret. These can be displayed if you click on the green Show Keys button. The “Client Details” dialog will appear, showing you both the API Key and API Secret as follows:

You can use the “Copy” button to copy these values to your clipboard and use them in your application when authenticating.

Note: JavaScript clients will only have an API Key, since they are intended for use in browser-based applications where a secret cannot be kept secure.

Securing Your Clients

Keeping Secrets Safe

You should take all necessary precautions to keep safe the API Key and API Secret – particularly the latter – of your NativeConfidential clients. Since these two values together can always be used to request an access token, if unauthorized users gain access to both of them, they can use your client in their own applications and the API usage will count against your ThinkGeo Cloud account.

For maximum security, if you are developing a client application that will be distributed to end users, it's a good idea to create your own web service or serverless function such as AWS Lambda to store your client key and secret. This service or function can then field requests from your application, call out to the ThinkGeo Cloud to get an access token, and then return it to application. Your application can then use the access token to make ThinkGeo Cloud API calls.

In contrast, JavaScript client API keys are less confidential, but you should take care to restrict them in the ThinkGeo Cloud web console so they can only be used from authorized sites or IP addresses.

Restricting Who Can Use Your Client Keys

The ThinkGeo Cloud web console lets you configure your clients so they can only be used from approved locations. This is a highly recommended step to ensure that only you are able to use your client keys.

On the “Clients” page of the ThinkGeo Cloud web console, pick the client you wish to secure and click the blue Pencil button. The “Edit Client” dialog will appear. Near the bottom, you'll see a text box where you can add restrictions for your client.

JavaScript clients can whitelist usage by Origin Domain (e.g. or IP Address/IP Range (e.g. NativeConfidential clients can use IP Address/IP Range restriction only.

Whitelisting Origin URIs

JavaScript clients can whitelist individual origin URIs (e.g. that are allowed to use the client. This is useful for web applications that are hosted on a particular domain, where no other web address should be allowed to use your client. You can enter:

  1. A specific web domain, e.g.
  2. Wildcards to represent all subdomains of a given domain, e.g. *
Whitelisting IP Addresses/IP Ranges

JavaScript and NativeConfidential clients can whitelist individual IP addresses or IP address ranges that are allowed to use the client. You can enter:

  1. A specific IP address, e.g.
  2. An IP range with wildcards, e.g. 203.0.113.*
  3. CIDR notation, e.g.
thinkgeo_cloud_quick_start_guide.txt · Last modified: 2018/12/13 23:04 by brianr