Skip to content

API requirements for nRF Cloud Location Services

The following table summarizes requirements for using Location Services through either REST or MQTT, as well as an explanation of the authorization mechanisms for each.

Protocol Authentication Key Differences
MQTT Mutual TLS Requires certificate and cloud provisioning.
REST JSON Web Token (JWT) Does not require certificate and cloud provisioning. Can be used by proxy servers on behalf of devices they serve (requires a Pro or Enterprise plan). If you want to try this service for 30 days over REST, you can create a temporary evaluation token.

MQTT requirements for Location Services

To use MQTT, you must create X.509 device certificates and provision your device on nRF Cloud:

  1. Create and provision the device certificates.
  2. Provision the devices to your account.
  3. Follow the steps in the docs for the relevant Location Service libraries in the nRF Connect SDK.

REST requirements for Location Services

When using nRF Cloud REST-based Location Service endpoints, cloud provisioning is optional, as are device certificates.

JWTs are used for authentication. Include the token in the Authorization header in calls to Location Services REST endpoints. For example, using cURL: Authorization: Bearer <your_token>.

A cloud-to-cloud setup also uses JWTs for authentication.

Authentication for proxy servers

If you are using Location Services over REST, you are likely using a proxy server in a cloud-to-cloud integration. You can use an evaluation token to temporarily evaluate the services and test your setup.

If you are using a valid evaluation token, you do not need to generate a service key separately.

Service key

If you are using nRF Cloud through a proxy server beyond the trial period, a JWT signed with a service key is required.


Cloud-to-cloud use of nRF Cloud requires a Pro or Enterprise plan.

See more information on generating a service key.

Authentication for devices

This applies to device-to-cloud (D2C) operations.

If you have successfully provisioned and connected your device to nRF Cloud, you do not need to do any additional steps for authentication.

The following steps apply if you are using the REST API without provisioning your devices on nRF Cloud and not using a proxy server:

  1. Create a key pair and provision the private key.
  2. Register the public key for each device using the RegisterPublicKeys endpoint.
  3. Follow the steps in the docs for the relevant Location Service libraries in the nRF Connect SDK, including the REST library. For creating JWTs, see the AT%JWT command and related library in the nRF91 AT Commands documentation.

If you are using Location Services and are the owner of a Pro team, you can also generate a JWT and service key through the portal or APIs.