[Trusted Domain] 401 Unauthorized - The request is not from an authorized source

You may see the following error when requesting HERE Location Services with API calls

With direct API requests, you may see the following error (screenshot taken from Postman):



With the Maps API for JavaScript, you may see the following similar error in the developer tool of the browser:



The cause of the issue is the turned-on feature of the trusted domain and the missing referer in API requests

For example, I have the following trusted domain settings at https://platform.here.com/access/apps/my_app_id > Trusted Domains



The solution is adding the trusted domain value to the referer header of API requests



For Maps API for JavaScript, you cannot manipulate the "referer" of your API request as it will be refused by HERE.



Please deploy your web app on a website with a public domain and configure the real domain name to the Trusted Domain settings.

Note

You can manipulate the Referer header of API requests but cannot do it for the HERE Maps API for JavaScript (Web SDK).

You must configure the domain name, on which you implemented the Maps API, to the Trusted Domain if you turned it on.

Reference

https://www.here.com/docs/bundle/identity-and-access-management-developer-guide/page/topics/plat-using-apikeys.html#trusted-domains