Authentication
Base URL:
- Production:
https://api.gis.ph - Local Development:
https://api.gis.ph
All /v1/* endpoints require authentication via the Authorization header.
Request Access
Section titled “Request Access”To obtain an API token, please request access here.
Authentication Methods
Section titled “Authentication Methods”The API currently supports the following authentication method:
Master Token
Section titled “Master Token”Best for: Internal tools, server-side integrations.
GET https://api.gis.ph/v1/provincesAuthorization: Bearer <YOUR_TOKEN>- Include your token in the
Authorizationheader as a Bearer token. - Note: Ensure you keep your token secure and do not expose it in client-side code (e.g., browsers).
Testing with REST Clients
Section titled “Testing with REST Clients”curl -H "Authorization: Bearer your_token_here" \ https://api.gis.ph/v1/provincesVS Code REST Client (.rest files)
Section titled “VS Code REST Client (.rest files)”### Variables@baseUrl = https://api.gis.ph@token = your_token_here
### Get all provincesGET {{baseUrl}}/v1/provincesAuthorization: Bearer {{token}}Postman
Section titled “Postman”- Create a new request
- Set the method (GET, POST, etc.) and URL
- Go to the Authorization tab
- Select Bearer Token as the type
- Paste your token in the Token field
- Send the request
Security Best Practices
Section titled “Security Best Practices”-
Never commit keys to version control
- Use environment variables:
process.env.GIS_API_KEY - Add
.envto your.gitignore
- Use environment variables:
-
Secure your token
- Treat your token like a password
- Only use it for trusted operations
Error Responses
Section titled “Error Responses”401 Unauthorized
Section titled “401 Unauthorized”Missing or invalid token:
{ "message": "Unauthorized"}Common causes:
- No
Authorizationheader provided - Token format is incorrect
- Token is invalid or expired
404 Not Found
Section titled “404 Not Found”Resource doesn’t exist or user doesn’t have access:
{ "message": "Not found"}