Authentication
The Maxar Geospatial Platform (MGP) uses two systems for authentication:
- API keys
- Bearer tokens using OAuth2 Password Flow
API keys
API keys can be used for data-related APIs. They cannot be used for the Admin or API Key APIs - these require OAuth bearer tokens instead.
You can generate an API key with an expiration date of 180 days or less. API keys can be revoked at any time using this service. There is no limit to the number of API keys you can generate.
Learn more: API keys
OAuth2 bearer tokens
With OAuth2 Password flow you exchange your username and password for a bearer token that is used to authenticate requests. All APIs accept bearer tokens, but note that they have a lifespan of 2 hours so they must be refreshed once they have expired.
API clients and desktop software often include Oauth2 support and only need your username and password as inputs. The token will then be fetched and refreshed on your behalf automatically. However, we still recommend using an API key if possible since it has a smaller security footprint.
Learn more: OAuth2 bearer tokens