When working with the Chargetrip API, the keys can be visible to anyone who makes an effort to look for it. That is why it is recommended to add a layer of restrictions to build more secure applications and prevent unauthorized use.


Only one restriction can be applied per x-app-id. To configure different restrictions, create multiple applications / x-app-id.


A HTTP referrer allows restriction to URLs that can use an application ID / x-app-id. This is useful when building any type of web application. Add as many URLs to a single application as needed.


To protect authorization keys when communicating from machine-to-machine, use IP addresses. Configure these addresses within an application on the dashboard.


To restrict the use of an application ID on Android, it is necessary to provide an application identifier and debug / release certificate fingerprint. To use this restriction, you will need to send an identifier and fingerprint with every request by using the x-app-identifierand x-app-fingerprint headers.


An iOS bundle identifier can be used to restrict the use of an application ID / x-app-identifier on any iOS application. To use this restriction, send the bundle identifier with every request by using the x-app-identifier header.