Restricting your Mapbox key to your website
When setting up a Mapbox key, it’s possible to restrict your key to only work with your website. This is optional, but can be a good idea – it ensures that no one else can copy your key from your website and use it on their own site.
If you’d like to restrict your key, or if we have indicated that your key is currently set up with a restriction that isn't configured properly, please see the steps below:
Check your existing keys
When you first sign up for Mapbox, a “Default public token” is automatically created for your account. This token will work with Stockist, but can’t be restricted to a specific website. If you’d like to create a key that only works with your website, you’ll need to create a separate key in the Mapbox dashboard.
To see what keys you have, open
https://account.mapbox.com and sign in with the email address and password that you used to create your Mapbox account.
Once signed in, check the
Access tokens section. Your keys will be listed here:
You'll always have a Default public token, and may also have one or more other keys listed there. The number listed after URLs in the key details indicates how many websites have been granted access. A 0 or N/A indicates the key is unrestricted, while a number of 1 or greater indicates that the key will only work on certain sites.
If you’ve already created a second key, click on the key name, then skip to
Set up URL restrictions below.
If you only see the Default public token, continue to the next section to set up a separate key.
Set up a separate key
In the Access tokens section of the Mapbox dashboard, click Create a token to set up a new key:
Under
Token name, enter a memorable name for the key (visitors won't see this name, it's just for your reference):
Under Token scopes, leave the default option selected. All the checkboxes under Public scopes should be ticked, and all the checkboxes under Private scopes should not be ticked:
Set up URL restrictions
In the
Token restrictions > URLs section of your key details, you’ll want to ensure your website domain is listed there.
Your configuration should look something like this:
If you’re using Shopify, you would also want to add your myshopify.com domain as well – it would look like this:
Caution: It's important to only list your base domain (e.g. example.com). Adding the full URL to your page (e.g. example.com/pages/map) won't work.
If you’ve added a full page URL, remove it and add just the base domain instead.
Once your domain(s) have been added, click Create token or Save changes:
Final thoughts
If you created a new key for the first time, be sure to add the new key to your Stockist account under
Settings > Map provider.
If you run into any issues, please let us know and we’re happy to assist.
