Language

Authenticate

Every request sent to the Basemap server needs to be authenticated. It means that some credentials are sent with the request allowing the server to verify user identity and authorizations.

The Basemap can be accessed through one of the 2 authentication methods described in the following section:

  • Basic authentication: Use of basic authentication is based on API Key and is usually limited to GIS tools as credentials can easily be hacked.
  • Bearer token authentication: Use of Bearer token authentication is more secure than basic authentication.

Basic authentication

Basic authentication means that the username and password are sent into the HTTP header of the request. The username and password are encrypted in base64.
Request

API Endpoint<Basemap Endpoint>
REST verbGET
AuthorizationBasic <base64 username:password>

cURL example: The following cURL example sends a GET HTTP request to the ‘https://view-bm.api.oneatlas.airbus.com/basemap/wmts?SERVICE=WMTS&REQUEST=GetCapabilities’ Basemap endpoint, passing base64 username:password value as basic authentication:

    > curl --request GET 'https://view-bm.api.oneatlas.airbus.com/basemap/wmts?SERVICE=WMTS&REQUEST=GetCapabilities' --header 'Authorization: Basic <base64 username:password>'

base64 value can be generated with the following command:

> echo "$(echo -n 'username:password' | base64)" | tr -d '\n'
> dXNlcm5hbWU6cGFzc3dvcmQ=

base64 value of ‘username:password’ is dXNlcm5hbWU6cGFzc3dvcmQ=

Note that cURL provides the –user option to avoid base64 transformation:

> curl --request GET 'https://view-bm.api.oneatlas.airbus.com/basemap/wmts?SERVICE=WMTS&REQUEST=GetCapabilities' --user username:password

The basic authentication for Basemap streaming uses the One Atlas API Key which is your digital signature identifying you as a user of OneAtlas services. The username and password to access the Basemap service are defined as follow:

UsernameAPIKEY
Password<API Key Value>

The username is always “APIKEY” in capital letter, while the password is the API Key value. The following section describes the way to retrieve your API Key value(s)

Get your API Key

To get your One Atlas API Key, go to the API Key Generator page. Log in with your One Atlas account credentials created at Request access to Basemap section. Click on “Create an API Key”:

api key creation panel

A new API Key window pops-up: api key created

Save the API Key value in a safe location as there is no copy of it. If this API Key is lost, another API Key needs to be created again from scratch.

Note: Please ensure you protect your API Key. If anyone else gains access to it, they will be able to make requests and use your balance.

A user can generate up to 10 API Keys. This could be convenient if you need to access to the One Atlas services in different context, for example from different tools or validity periods.

Usage example: The following cURL example sends a GET HTTP request to the ‘https://view-bm.api.oneatlas.airbus.com/basemap/wmts?SERVICE=WMTS&REQUEST=GetCapabilities’ basemap endpoint, passing the API Key value:

> curl --request GET 'https://view-bm.api.oneatlas.airbus.com/basemap/wmts?SERVICE=WMTS&REQUEST=GetCapabilities' --user APIKEY:<API Key value>

Note: An API Key is defined with an expiration date at creation. It is important to manage this constraint and to anticipate rotations. A good practice is to define regular rotations of API Keys. If your API Key expires, you won’t be able to use any service.

Bearer token authentication

Bearer token authentication means that a token is sent into the HTTP header of the request. A token contains information about user identity and authorizations:
Request

API Endpoint<Basemap Endpoint>
REST verbGET
AuthorizationBearer <Access token>

cURL example: The following cURL example sends a GET HTTP request to the ‘https://view-bm.api.oneatlas.airbus.com/basemap/wmts?SERVICE=WMTS&REQUEST=GetCapabilities’ Basemap endpoint, passing <Access Token> in bearer token authentication:

> curl --request GET 'https://view-bm.api.oneatlas.airbus.com/basemap/wmts?SERVICE=WMTS&REQUEST=GetCapabilities' --header 'Authorization: Bearer <Access Token>'

The following section describes the way to retrieve your Access Token value(s)

Get your Access Token

An API Key is your digital signature identifying you as a user of OneAtlas services. Using this key created in the ‘Get your API Key’ section, you can get an access token.

Note: For security reasons, access tokens expire regularly, then it’s necessary to get a new one. Tokens lifetime is defined by Airbus Authentication Service. Currently, tokens lifetime is set to one hour. It is recommended to:

  • Implement an access token cache in your application
  • Avoid huge volume of Authentication API requests
  • Anticipate new access token requests before the expiration limit

The endpoint to use to generate access tokens is described in the following table:


Request

Endpointhttps://authenticate.foundation.api.oneatlas.airbus.com/auth/realms/IDP/protocol/openid-connect/token
REST verbPOST

The required parameters are listed in the table below:

ParametersRequiredDescription
apikeyyesThe OneAtlas API Key. See ‘Get your API Key’ section
client_idyesShould be ‘IDP’ value for Basemap service
grant_typeyesShould be ‘api_key’ value for API authentication.

Below is an example to retrieve an access token with the API Key:

> curl -X POST https://authenticate.foundation.api.oneatlas.airbus.com/auth/realms/IDP/protocol/openid-connect/token -d 'apikey=<API Key>&grant_type=api_key&client_id=IDP'

If the authentication information is valid, then the return JSON structured provides an access token and its validity duration.

{
    "access_token": "<access_token>",
    "expires_in": 3600,
    "token_type": "Bearer"
}

However, if authentication information is invalid or omitted, an error message will be returned with status code 403:

{
     "error": "access_denied",
    "error_description": "Access denied"
}

Note: For security reason, providing an incorrect API key will automatically suspend the authorization to access the API for a limited period of time. During this suspension period, the user will receive a 403 error, even if the API key is valid.

Contact Us