An Application is a group of several API keys, which are credentials identifying and authenticating your own application in the IndoorAtlas platform. You can manage them in https://app.indooratlas.com/apps


You should always create a new Application and API key for each new application you deploy with IndoorAtlas, in order to manage distribution and provide additional account security for your usage. For clearly different customers (e.g. different supermarket chains) we recommend using a separate IndoorAtlas account for each, to facilitate keeping all account data separate.



Api Key Scopes


API keys have three possible scopes: “SDK”, “Positioning API” and "Data API", which can be used to restrict API key permissions. It is good to adhere to the principle of least privilege: if you do not need Positioning REST API in an application, then do not enable the Positioning API scope for the API key used in that app. Data API scope can be used separately to access user's session data.



We recommend to create a separate API Key for your development and testing and for production usage.


Api key for development

  • Enable data storage --> this allows you to use our Session Viewer which automatically identifies and notes you about issues found in your stored test walks. Moreover, IndoorAtlas' support can support you by identifying issues in the test sessions.


Api key for production

  • Select the data storage option that best fits your solution's storage needs. If you disable data storage, the above mentioned support features are not available for production data and but also some services IndoorAtlas offers, e.g. Data API, Dwell Time, Heatmap are not available.



Furthermore, for API keys with SDK scope, you need to choose how to handle location data created during IndoorAtlas positioning sessions.  


You have three options for data storage period for an API key.

  • Do not store location data
    With this option, location data does not leave the phone. Only anonymous data sent during SDK authentication is stored in the IndoorAtlas cloud. This option is recommended for the most privacy-sensitive applications. Note that Session Viewer and Data API are not available because location data is not uploaded.
  • Store location data temporarily, for up to four days
    This is the recommended options for most applications. With this option, location data is uploaded to the IndoorAtlas cloud where it is stored for up to four days. During this storage period it is available for use through the Data API and Session Viewer. After the storage period, the location data is automatically deleted.
  • Store location data permanently
    With this option, location data is stored in the IndoorAtlas cloud until you delete your IndoorAtlas account. Note that this option is not generally recommended for end-user applications because of possible issues with data protection regulations such as GDPR. It is recommended for development and quality assurance purposes, 
    • Especially when starting testing your app in practice, it's recommended to use an Api Key that stores the data to cloud. This is ensures IndoorAtlas support can help you in case you need any assistance related to IndoorAtlas SDK's outputs and events etc.





A Note About Data API Key


By default, the IndoorAtlas SDK periodically (typically available in cloud after 30-60s) uploads location data from the phone to the IndoorAtlas cloud, where it is accessible through the Data API and Session Viewer for the duration of the storage period (see above). After the storage period, location data is automatically deleted, and only anonymized data is stored, for service usage analysis and billing purposes.




How to Create An Api Key?


To create an Api Key, 

  • First select the "My apps" (phone icon on the gray sidebar on left)
  • Then create or open an Application -- in the image below, the app is called "Wayfinding App". 
  • Finally, click the "Add new Api key" button