Scopes & Permissions
maps.guru uses two levels of access control: API key scopes (what services a key can access) and organization roles (what a user can do).
API Key Scopes
Each API key can be configured with specific service scopes:
| Scope | Endpoints | Description |
|---|---|---|
maps | /v1/styles/*, /v1/tiles/* | Vector tiles, style JSON, static maps |
geocoding | /v1/geocode, /v1/reverse | Forward and reverse geocoding |
routing | /v1/directions, /v1/isochrone | Route calculation and isochrones |
Scope Behavior
- A key with
mapsscope can only access map-related endpoints - Requests to endpoints outside the key's scopes return
403 Forbidden - The default key created on signup has all scopes enabled
Minimal Scopes Example
For a mobile app that only displays maps:
Key: "Mobile App Key"
Scopes: [maps]
For a backend service that only does geocoding:
Key: "Geocoding Service"
Scopes: [geocoding]
Organization Roles
Users within an organization have roles that determine their permissions:
| Role | Create Keys | Revoke Keys | Invite Members | Manage Billing | Delete Org |
|---|---|---|---|---|---|
| Owner | Yes | Yes | Yes | Yes | Yes |
| Admin | Yes | Yes | Yes | Yes | No |
| Member | Yes | Own only | No | No | No |
Role Descriptions
Owner — Full control over the organization. Can manage billing, invite members, and delete the organization. Each organization has exactly one owner.
Admin — Can manage API keys and team members but cannot delete the organization or transfer ownership.
Member — Can create and manage their own API keys. Cannot invite members or manage billing.
Invitations
Organization owners and admins can invite new members via email:
- Go to Dashboard → Organizations → Members
- Click Invite Member
- Enter the email address and select a role
- The invitee receives an email with a link to accept
Invitations expire after 7 days.