The security tab is crucial to your Projects in the way that you can manage your keys (both public and private) and your Authorized domains. If you configure it the wrong way, you won't be able to use our APIs and that would be quite a shame.

Public keys

When you create a Project, we automatically generate a single public key. "Ok Cool Woosmap, what door does this key open?"

Well, a public API key is an application programming interface unique key that allows the owner of a network-accessible service to give access to consumers of that service.

It only has reading rights and should be used client-side. It is restricted to predefined domain restrictions to make sure only you are using your public key.


Private keys

"But wait Woosmap, now you're telling me there are public keys... and private ones?! What's the difference?"

Private keys allow you to manage integrations on the server-side but also to create new Assets or update existing ones.

Remember to tick the "Give the private key write permission (creation and edition)" if you wish to create, edit or delete elements in this Project.


If this still confuses you, try and remember this:

  • Public keys = client-side requests = readable pieces of information
  • Private keys = server-side = manage data (writing, updating, deleting)

Authorized domains

One more effort and you'll be a pro at securing your Projects, you can do it!

In order to make a request on a Woosmap API, you need on the one hand to have a valid key (public or private depending on the call, look above if this doesn't ring a bell) and on the other hand to have authorized a domain (a URL) where this API can be called.

If you make a request but do not call the right domain, you will systematically receive an error. Moreover, Authorized domains are crucial in the way that it prevents non-allowed people to make API requests with your credentials.


The *, that we would call wildcard, could be useful to add as an authorized domain all of its sub-domains. For example, using * as an Authorized domain allows the API to make requests on,, and so on.