My App
Guides

Authentication

API key and session access rules.

Authentication

Use X-API-Key: pk_... for service APIs. Browser Console calls can also use Better Auth session cookies.

Published public map assets under /tiles/*, /styles/v1/*, and /fonts/* can load without a key. A valid key or session may still be used for private-owner access and metering.

Invalid keys return 401 UNAUTHORIZED; expired keys return 401 KEY_EXPIRED; origin-restricted keys can return 403 DOMAIN_NOT_ALLOWED; missing scopes return 403 SCOPE_DENIED.

Tiles

Implemented TileJSON and vector tile routes.

Production Best Practices

Practical production notes for current Planisfy deployments.

On this page

Authentication