access token

To use any of Mapbox’s tools, APIs, or SDKs, you’ll need a Mapbox access token. Mapbox uses access tokens to associate requests to API resources with your account. You can find all your access tokens, create new ones, or delete existing ones on your API access tokens page.

Here’s what an access token looks like in one of our APIs:

https://api.mapbox.com/v4/mapbox.emerald/page.html?access_token=<your access token here>

Public vs.secret tokens

When an access token is created, you have the choice to give it a set of zero or more scopes that define which Mapbox APIs can be accessed by that token and which methods can be used to access them. Access tokens have either public or secret scopes.

Public scopes and tokens

Public scopes only allow retrieving data from APIs. These tokens are safer to put in public applications, as they cannot be used to change data in your account. Tokens with public scopes begin with pk.

Once a public token is created, the token can be renamed and public scopes can be added and removed. Secret scopes cannot be added to public tokens.

Secret scopes and tokens

Secret scopes allow creation and modification access to Mapbox APIs as well as access to APIs that may contain account-specific information. These tokens should be used only in secure contexts. Tokens with secret scopes begin with sk.

Once a secret token is created, it can only be viewed once – if you refresh or navigate away from your API Access Tokens page, the token itself will disappear. The token can be renamed and any scopes added or removed at any time.

Default Public Token

Your account will always have at least one public access token and will appear on the Mapbox website as your Default Public Token. If you delete this token, another public token will become your Default Public Token. When you’re logged into your account, this token will automatically be embedded in example code on Mapbox.com.

You may also want to read: How do I create an API access token?