GuidesChangelogData Inspector Library API Reference
Guides
  1. Command Line Interface
  2. Get started with OLP CLI

Set up your credentials for OLP CLI

Set up your credentials for OLP CLI

Get your credentials

You need to obtain and properly configure your credentials so that the OLP CLI can connect to the HERE platform.

Your credentials are used for authentication. The HERE platform uses the concept of apps and access keys to control the access to resources. For more details, see the Identity and Access Management Guide.

The credentials consist of the here.access.key.id and here.access.key.secret contained in a credentials.properties file. The credentials.properties file is the one that is used to authenticate any olp CLI calls. You can download this file from the platform portal when creating an access key for an app. See the procedure below in the Credentials setup.

The following snippet illustrates an example of a credentials.properties file:

here.user.id = HERE-01966c94-aaf1-4ae2-a1y6-6516b3f9b6c1
here.client.id = mzLcb1rL8nskvDQpCAAO
here.access.key.id = BELUTk45QdaYGgZ9A_IMTA
here.access.key.secret = 108lI7w9m8G_6sIw9kng-PXGoeHQQ-cv6xByNOuMcRYixZZp...
here.token.endpoint.url = https://account.api.here.com/oauth2/token

Note

You can add all the access permissions you want to one app, and use this one app for all your local development needs (same as your personal access credentials for the Web UI), but you probably should not use it for production. You can generate app credentials for running specific applications in specific environments. These apps should only be granted access to the minimal amount of resources they need to fulfill their function.

You can save multiple credentials (also known as profiles) in .here/olpcli.ini file, and then choose profile with the --profile <profile name> parameter. For more details see Pass credentials to the OLP CLI.

Credentials setup

Follow the procedure below to configure your credentials:

  1. In the platform portal, in the upper-right corner, click your account icon and select Apps & keys.

  2. Click the Register new app button and specify the requested information.

  3. In the Credentials tab, go to the OAuth 2.0 tab and click Create credentials.

  4. In the dialog box that opens, click Download to download the credentials.properties file.

    Once you click Close, you can no longer access your access key ID and access key secret.

  5. To create a default profile and associate your credentials with it, run the following command:

    olp credentials import default credentials.properties
  1. To verify that your credentials have been correctly configured, execute the command below in the directory that contains the OLP CLI JAR file:
    olp api token get

An output similar to the one below is generated if your credentials have been configured properly:

Token: eyJhbGciOiJSUzUxMiIsImN0eSI6IkpXVCIsImlzcyI6IkhFUkUiLCJhaWQiOiJtekxjYjFyTDhuc2t2RFFwQ0ZFRiIs
ImlhdCI6MTUyMTgwNjYyOCwiZXhwIjoxNTIxODkzMDI4LCJraWQiOiJqMSJ9.ZXlKaGJHY2lPaUprYVhJaUxDSmxibU1pT2lKQk
1qVTJRMEpETFVoVE5URXlJbjAuLmtGc0JMODJibEUxTHhCS1M3MEctcFEuZHhsb2psaklEQmdNVEdoMEFKMHAzUU9yeE9INXdhd
1hkWjVSLS1Kdkc3VFBoUkRWY3owcUFYZ0V2Y3kwOGpMdzBCR09sNjJfZ2pxeUNuLXhET3JtZV8xNUlkV0tJN2VxTUpZNTNJelRx
ZjhUSzdVVHlEUlJFVnBLRW5BN2FvR2MubFViMTNGYWdKMlVGZXVQZnZsVG44Y2JqTzdtbF9ncGpLamFUN0xmZFF0UQ.EPYB9Rdy
jCHFxrqpaEBWkPzhPmFrAPBKlkt8SQpcI0k71mH_vC6txh6Uv1NVQC4xYyWG7ueq5mb4mcQh1sCorcv15GwIH1R0v0NR_CRPh-M
DNSFtg8HNnWyC1ePsfUGpSqjucQW8RMdbsU03wDO50Pr3ctQI4BZrxiU4HW6tdQq9_TinizujACzE-LMZ6FlFAb6pPB8TDsFlY3
9OmBFXEanaPvZwE01dKjE1K_A_G1_TiJzWo4vwuNeD54HfmOf6hN1IE8-CCSKRoIFoIBiVNqqzyCybyovRlSCWzSaTNz4v9BD7N
2lDgEuBlpn3q0qTFppZzjEvzv3RicGrCC_tmB
Token Expires at: 2018-03-24T14:03:48.100Z

You can now use your credentials to connect to the HERE platform resources through the OLP CLI.

Warning:

Storing your credentials

Keep your credentials private. Don't share them between workstations or users. Don't commit them to public repositories such as GitHub.

For more information on credentials configuration options, see Get your credentials.

Scopes

The HERE platform uses OAuth2 scopes as a mechanism to control access to certain resources. Each of the OLP CLI commands that support scope resolves the scope to use in the request in the following priority order:

  1. --scope <project HRN>: An optional parameter that specifies the scope to use in the request.

  2. here.token.scope: An optional attribute to include in the credentials used for the request.

  3. Application default scope: If the client making the request has a default scope configured and neither of the above two parameters are present, the client's default scope will be used in the request.

  4. If a scope is not found in either of the above three locations, the request will not use any scope.

Profiles

Credentials profiles allow you to define multiple profiles to use different credentials for different projects. You can use credentials profiles to manage and organize multiple app credentials from multiple credentials.properties files.

Profiles and the related credentials are stored in the .here/olpcli.ini file in your home directory. You can manage profiles with the credentials commands. The .here/olpcli.ini file is created after you add your first profile with the olp credentials import command, as described in the Setup section below

Pass credentials to the OLP CLI

The OLP CLI allows you to pass your credentials via optional parameters of the CLI commands or by setting environment variables. The OLP CLI resolves credentials in the following order:

  1. --credentials <path to credentials file>: An optional parameter that you append to the end of an applicable CLI command. This parameter specifies the path to the credentials.properties file to use with the command.

    For example, execute the command below:

olp catalog layer show hrn:here:data::org:test-catalog test-layer --credentials credentials.properties

This shows the properties of the test-layer layer if your credentials allow you to access the hrn:here:data::org:test-catalog catalog.

  1. OLP_CREDENTIALS: An environment variable that defines the path to the credentials.properties file used for all CLI commands by default.

  2. --profile <profile name>: An optional parameter that you append to the end of an applicable CLI command. This parameter specifies the name of the profile to use with the command.

    For example, the following command shows a list of catalogs accessible to the olp-user profile, including all the public HERE platform catalogs:

    olp catalog list --profile olp-user

  1. OLP_PROFILE: An environment variable that defines the name of the profile to use for all CLI commands by default.

  2. default profile: A profile that you create by running the command below:

    olp credentials import default credentials.properties
  1. credentials.properties default location: A path to the .here folder in your home directory where your credentials file is stored by default.

Note

OLP CLI token management

Before executing any command, the OLP CLI automatically calls the HERE API to retrieve an API token. This token is essential for authenticating and authorizing access to various HERE services.

To optimize the performance of the OLP CLI in scripts and reduce the overhead of repeatedly fetching the token, you can set the HERE_TOKEN environment variable with the token obtained from the olp api token get command. This approach ensures the token is reused, speeding up the execution of CLI commands.

Note

Some OLP CLI commands require that you specify a group ID. Your administrator must set up the relevant group IDs for your account and assign your application to the group. If your app is not assigned to a group, then the command produces an error. For more information on group IDs, see the Identity & Access Management Guide.

Updated 21 days ago