π Secure server-side JWT generation service for Apple MapKit JS authentication
This service provides secure JWT token generation for Apple MapKit JS, solving mobile WebKit security restrictions by handling authentication server-side with proper Apple Developer credentials.
- Secure Authentication: API key-based access control
- Apple MapKit JWT: Server-side token generation with ES256 signing
- CORS Support: Cross-origin requests for web applications
- Environment Security: Credentials stored as environment variables
- TTL Validation: Configurable token expiration with security limits
- Error Handling: Comprehensive error responses without data leaks
Generate a MapKit JWT token for authentication.
Headers:
Content-Type: application/json
X-API-Key: your-api-key
Request Body:
{
"ttl": 3600,
"origin": "optional-domain-restriction",
"sessionId": "optional-session-id"
}Response:
{
"success": true,
"data": {
"token": "eyJ...",
"expiresAt": 1640995200000,
"expiresIn": 3600,
"restricted": false,
"origin": null,
"sessionId": null
}
}Service health check endpoint.
Response:
{
"success": true,
"service": "Apple Maps JWT Service",
"version": "1.0.0",
"status": "healthy",
"timestamp": "2025-08-18T04:30:00.000Z"
}Configure these in your Vercel dashboard or .env.local:
| Variable | Description | Required |
|---|---|---|
MAPKIT_API_KEY |
Secure API key for endpoint access | β |
APPLE_TEAM_ID |
Your Apple Developer Team ID | β |
MAPKIT_KEY_ID |
Your MapKit Key ID | β |
MAPKIT_PRIVATE_KEY |
Your P8 private key content | β |
# Clone this repository
git clone https://github.com/frasergibbs/apple-maps-jwt-service.git
cd apple-maps-jwt-service
# Install dependencies
npm install
# Deploy to production
vercel --prod# Set environment variables in Vercel
vercel env add MAPKIT_API_KEY
vercel env add APPLE_TEAM_ID
vercel env add MAPKIT_KEY_ID
vercel env add MAPKIT_PRIVATE_KEYEvery request requires a valid X-API-Key header:
curl -X POST https://your-service.vercel.app/api/token \
-H "Content-Type: application/json" \
-H "X-API-Key: your-secure-api-key" \
-d '{"ttl": 3600}'- Default TTL: 1 hour (3600 seconds)
- Maximum TTL: 24 hours (86400 seconds)
- Automatic validation and capping
- No credentials stored in code
- Secure environment variable storage
- Automatic key formatting and validation
# Install dependencies
npm install
# Copy environment template
cp .env.example .env.local
# Edit .env.local with your credentials
# Start development server
npm run dev// Generate JWT token
const response = await fetch('https://your-service.vercel.app/api/token', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-API-Key': 'your-api-key'
},
body: JSON.stringify({
ttl: 3600,
origin: 'app://obsidian.md'
})
});
const { data } = await response.json();
const { token } = data;
// Use token with MapKit JS
mapkit.init({
authorizationCallback: (done) => {
done(token);
}
});This service is designed to work with the Apple Maps Obsidian Plugin:
// Automatic fallback in MapKit service
const response = await this.proxyService.generateToken({
ttl: 3600,
origin: 'app://obsidian.md'
});All errors follow a consistent format:
{
"success": false,
"error": "Description of the error"
}Common error codes:
401: Invalid or missing API key405: Method not allowed500: Server configuration error or token generation failure
All endpoints support CORS with appropriate headers:
Access-Control-Allow-Origin: *Access-Control-Allow-Methods: GET, POST, OPTIONSAccess-Control-Allow-Headers: Content-Type, X-API-Key
Monitor service availability:
curl https://your-service.vercel.app/api/healthThe service logs errors and important events:
- Authentication failures
- Missing environment variables
- Token generation errors
- Request processing metrics
MIT License - see LICENSE for details.
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
- Apple Maps Obsidian Plugin - The client-side plugin
- Apple MapKit JS Documentation - Official Apple documentation
Made with β€οΈ for secure Apple Maps integration