An Application is a group of several API keys, which are credentials identifying and authenticating your own application in the IndoorAtlas platform. You can manage them in https://app.indooratlas.com/apps
You should always create a new Application and API key for each new application you deploy with IndoorAtlas, in order to manage distribution and provide additional account security for your usage.
API keys have three possible scopes: “SDK”, “Positioning API” and "Data API", which can be used to restrict API key permissions. It is good to adhere to the principle of least privilege: if you do not need Positioning REST API in an application, then do not enable the Positioning API scope for the API key used in that app. Data API scope can be used separately to access user's session data.
Furthermore, for API keys with SDK scope, you need to choose how to handle location data created during IndoorAtlas positioning sessions. By default, the IndoorAtlas SDK periodically uploads location data from the phone to the IndoorAtlas cloud, where it is accessible through the Data API and Session Viewer for the duration of the storage period. After the storage period, location data is automatically deleted, and only anonymized data is stored, for service usage analysis and billing purposes.
You have three options for data storage for an API key.
- Do not store location data
With this option, location data does not leave the phone. Only anonymous data sent during SDK authentication is stored in the IndoorAtlas cloud. This option is recommended for the most privacy-sensitive applications. Note that Session Viewer and Data API are not available because location data is not uploaded.
- Store location data temporarily, for up to four days
This is the recommended options for most applications. With this option, location data is uploaded to the IndoorAtlas cloud where it is stored for up to four days. During this storage period it is available for use through the Data API and Session Viewer. After the storage period, the location data is automatically deleted.
- Store location data permanently
With this option, location data is stored in the IndoorAtlas cloud until you delete your IndoorAtlas account. Note that this option is not generally recommended for end-user applications because of possible issues with data protection regulations such as GDPR. It is recommended only for development and quality assurance purposes.