Skip to content

API requirements for nRF Cloud Location Services

The following table summarizes requirements for using Location Services through either REST or MQTT, as well as an explanation of the authorization mechanisms for each.

Protocol Authentication Key Differences
MQTT Mutual TLS Requires certificate and onboarding.
REST JSON Web Token (JWT) Does not require certificate and onboarding. Can be used by proxy servers on behalf of devices they serve (requires a Pro or Enterprise plan). If you want to try this service for 30 days over REST, you can create a temporary evaluation token.

MQTT requirements for Location Services

To use MQTT, you must create X.509 device certificates and onboard your device to nRF Cloud:

  1. Create and inject the device certificates.
  2. Onboard the device.
  3. Follow the steps in the docs for the relevant Location Service libraries in the nRF Connect SDK.

REST requirements for Location Services

When using nRF Cloud REST-based Location Service endpoints, onboarding is optional, as are device certificates.

JWTs are used for authentication. Include the token in the Authorization header in calls to Location Services REST endpoints. For example, using cURL: Authorization: Bearer <your_token>.

A cloud-to-cloud setup also uses JWTs for authentication.

Authentication for proxy servers

If you are using Location Services over REST, you are likely using a proxy server in a cloud-to-cloud integration. You can use an evaluation token to temporarily evaluate the services and test your setup.

If you are using a valid evaluation token, you do not need to generate a service key separately.

Service key

If you are using nRF Cloud through a proxy server beyond the trial period, a JWT signed with a service key is required.


Cloud-to-cloud use of nRF Cloud requires a Pro or Enterprise plan.

See more information on generating a service key.

Authentication for devices

This applies to device-to-cloud (D2C) operations.

If you have successfully onboarded and connected your device to nRF Cloud, you do not need to do any additional steps for authentication.

The following steps apply if you are using the REST API without onboarding your devices on nRF Cloud and not using a proxy server:

  1. Create a key pair and inject the private key.
  2. Register the public key for each device using the RegisterPublicKeys endpoint.
  3. Follow the steps in the docs for the relevant Location Service libraries in the nRF Connect SDK, including the REST library. For creating JWTs, see the %JWT AT command and related library in the nRF91 AT Commands documentation.

If you are using Location Services and are the owner of a Pro team, you can also generate a JWT and service key through the portal or APIs.