- Products ProductsLocation Services
Solve complex location problems from geofencing to custom routing
PlatformCloud environments for location-centric solution development, data exchange and visualization
Tracking & PositioningFast and accurate tracking and positioning of people and devices, indoors or outdoors
APIs & SDKsEasy to use, scaleable and flexible tools to get going quickly
Developer EcosystemsAccess Location Services on your favorite developer platform ecosystem
- Documentation DocumentationOverview OverviewServices ServicesApplications ApplicationsDevelopment Enablers Development EnablersContent ContentHERE Studio HERE StudioHERE Workspace HERE WorkspaceHERE Marketplace HERE MarketplacePlatform Foundation and Policy Documents Platform Foundation and Policy Documents
- Pricing
- Resources ResourcesTutorials TutorialsExamples ExamplesBlog & Release Announcements Blog & Release AnnouncementsChangelog ChangelogDeveloper Newsletter Developer NewsletterKnowledge Base Knowledge BaseFeature List Feature ListSupport Plans Support PlansSystem Status System StatusLocation Services Coverage Information Location Services Coverage InformationSample Map Data for Students Sample Map Data for Students
- Help
Last Updated: July 24, 2020
Introduction
In a previous tutorial, we showed you how to generate a bearer token using JavaScript and NodeJS.
In this tutorial, you are going to learn how to acquire a HERE OAuth Bearer Token using Python.
Pre-Reqs
- A HERE Developer Account, if you don’t have one you can get one at developer.here.com.
- OAuth Token Credentials. You can get the complete steps here.
Steps
We will complete the following steps in the tutorial: * Create an OAuth Signature * Request a token
Create an OAuth Signature
When requesting a token, you need to pass the OAuth signature in the Authorization Header of a request. This signature helps in authenticating a user or an application. The first part is to create a parameter string containing the following six key-value pairs. * grant_type - Value always remains same, “client_credentials” * oauth_consumer_key - The Access Key ID value we acquired from the credentials.properties file after generating HERE credentials * oauth_nonce - A unique string which never repeats * oauth_signature_method - Always use “HMAC-SHA256” * oauth_timestamp - The number of seconds since the Unix epoch, in simple words, the current time * oauth_version - Always use “1.0”
Open an IDE of your choice, create a Python file and add the following code to Python file. Replace your oauth_consumer_key with the Access Key ID found in the credentials file that you downloaded from developer.here.com.
import time #To generate the OAuth timestamp
import urllib.parse #To URLencode the parameter string
import hmac #To implement HMAC algorithm
import hashlib #To generate SHA256 digest
from base64 import b64encode #To encode binary data into Base64
import binascii #To convert data into ASCII
import requests #To make HTTP requests
grant_type = 'client_credentials'
oauth_consumer_key = 'HERE.ACCESS.KEY.ID' #From credentials.properties file
oauth_nonce = str(int(time.time()*1000))
oauth_signature_method = 'HMAC-SHA256'
oauth_timestamp = str(int(time.time()))
oauth_version = '1.0'
def create_parameter_string(grant_type, oauth_consumer_key,oauth_nonce,oauth_signature_method,oauth_timestamp,oauth_version):
parameter_string = ''
parameter_string = parameter_string + 'grant_type=' + grant_type
parameter_string = parameter_string + '&oauth_consumer_key=' + oauth_consumer_key
parameter_string = parameter_string + '&oauth_nonce=' + oauth_nonce
parameter_string = parameter_string + '&oauth_signature_method=' + oauth_signature_method
parameter_string = parameter_string + '&oauth_timestamp=' + oauth_timestamp
parameter_string = parameter_string + '&oauth_version=' + oauth_version
return parameter_string
parameter_string = create_parameter_string(grant_type, oauth_consumer_key,oauth_nonce,oauth_signature_method,oauth_timestamp,oauth_version)
encoded_parameter_string = urllib.parse.quote(parameter_string, safe='')In the above code, we have imported several Python Standard Libraries for achieving our task and each library has a different role to play. All the parameters are combined in a single string alphabetically, with each key-value pair separated by an ampersand character(‘&’) and the output string is URL-encoded.
Next, add the HTTP method (POST), base URL (‘https://account.api.here.com/oauth2/token’) and encoded parameter string(we got from above) into a single string called Base String.
url = 'https://account.api.here.com/oauth2/token'
encoded_base_string = 'POST' + '&' + urllib.parse.quote(url, safe='')
encoded_base_string = encoded_base_string + '&' + encoded_parameter_stringGenerating the OAuth signature requires data, which we created above (encoded_base_string) and a signing key. Both the values are passed into an HMAC-SHA256 Hashing Algorithm.
access_key_secret = 'HERE.ACCESS.KEY.SECRET'#From credentials.properties file
signing_key = access_key_secret + '&'
def create_signature(secret_key, signature_base_string):
encoded_string = signature_base_string.encode()
encoded_key = secret_key.encode()
temp = hmac.new(encoded_key, encoded_string, hashlib.sha256).hexdigest()
byte_array = b64encode(binascii.unhexlify(temp))
return byte_array.decode()
oauth_signature = create_signature(signing_key, encoded_base_string)
encoded_oauth_signature = urllib.parse.quote(oauth_signature, safe='')The output from the above method (create_signature) is first converted into a base64 string and then URL-encoded for further usage.
Request an Access Token
Once we have the signature, we can make a request for a Bearer Token. The Bearer Token is required for requests to most HERE APIs. There are several elements in the request.
Example OAuth HTTP Header:
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth
oauth_consumer_key="<The value of "here.access.key.id" from credentials.properties file>",
oauth_nonce="<Random string, uniquely generated for each request>",
oauth_signature="<Signature>",
oauth_signature_method="HMAC-SHA256",
oauth_timestamp="<Epoch seconds>",
oauth_version="1.0"Request Body:
grant_type="client_credentials"Response:
{
"access_token":"<TOKEN>",
"token_type":"bearer",
"expires_in":86399
}The above response is expected when provided request body and authorization header.
body = {'grant_type' : '{}'.format(grant_type)}
headers = {
'Content-Type' : 'application/x-www-form-urlencoded',
'Authorization' : 'OAuth oauth_consumer_key="{0}",oauth_nonce="{1}",oauth_signature="{2}",oauth_signature_method="HMAC-SHA256",oauth_timestamp="{3}",oauth_version="1.0"'.format(oauth_consumer_key,oauth_nonce,encoded_oauth_signature,oauth_timestamp)
}
response = requests.post(url, data=body, headers=headers)
print(response.text)After executing the above code, we get Access Token as the output along with token type and token validity duration.
{
"access_token":"eyJhbGci...",
"token_type":"bearer",
"expires_in":86399
}Conclusion
After going through this tutorial you should have a basic level of understanding in the following:
- How to generate an access token using the HERE OAuth credentials.
