Skip to content
Home
Authentication

Authentication

Every request to the Maptoolkit API requires an API key. Your key identifies your account and controls which apps and domains can make requests.

You can use the Maptoolkit MCP Server on Localhost as well as all APIs without API key. You can start right away.

Get an API Key

Sign in to your Maptoolkit account to find your API key in the account settings.

Add the API Key to a Request

You can pass the API key in two ways:

As a query parameter:

?api_key=YOUR_API_KEY

Example:

https://staticmap.maptoolkit.net?center=48.2,16.4&zoom=12&size=750x400&api_key=YOUR_API_KEY

As an HTTP header:

MTK-ApiKey: YOUR_API_KEY

Use the header approach when you do not want the key to appear in URLs — for example, in server-side requests.

Restrict Your API Key

In the Maptoolkit admin panel, you can restrict each API key to:

  • Referers — domain names that requests are allowed to come from (for browser apps)
  • User-Agents — app identifiers (for mobile or server apps)

This prevents your key from being used by unauthorized applications.