AWS Security ChangesHomeSearch

AWS location documentation change

Service: location · 2026-05-31 · Documentation low

File: location/latest/developerguide/using-apikeys.md

Summary

Updated API references from 'geotags' to 'geoapikeys' prefix, added UpdateKey API reference, removed 'Restrict API key usage' and 'API key best practices' sections, and replaced inline references with links to external best practices document.

Security assessment

The changes involve documentation restructuring and API reference updates without evidence of addressing specific vulnerabilities. Removal of security best practices sections is offset by adding external links to equivalent content. No security vulnerabilities or incidents are mentioned.

Diff

diff --git a/location/latest/developerguide/using-apikeys.md b/location/latest/developerguide/using-apikeys.md
index 52167d8d4..9646f5d1d 100644
--- a//location/latest/developerguide/using-apikeys.md
+++ b//location/latest/developerguide/using-apikeys.md
@@ -7 +7 @@
-Create an API keyCall an APIRestrict API key usageBest practices
+Create an API keyCall an API
@@ -23 +23 @@ For example, you might want a web application that shows your business location
-See API key best practices for additional information about when to use API keys.
+See [Best practices for API keys](./api-keys-best-practices.html) for additional information about when to use API keys.
@@ -27 +27 @@ For more information about working with keys using the Amazon Location Service A
-  * [CreateKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geotags_CreateKey.html)
+  * [CreateKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geoapikeys_CreateKey.html)
@@ -29 +29 @@ For more information about working with keys using the Amazon Location Service A
-  * [DeleteKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geotags_DeleteKey.html)
+  * [DeleteKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geoapikeys_DeleteKey.html)
@@ -31 +31 @@ For more information about working with keys using the Amazon Location Service A
-  * [DescribeKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geotags_DescribeKey.html)
+  * [DescribeKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geoapikeys_DescribeKey.html)
@@ -33 +33,3 @@ For more information about working with keys using the Amazon Location Service A
-  * [ListKeys](https://docs.aws.amazon.com/location/latest/APIReference/API_geotags_ListKeys.html)
+  * [ListKeys](https://docs.aws.amazon.com/location/latest/APIReference/API_geoapikeys_ListKeys.html)
+
+  * [UpdateKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geoapikeys_UpdateKey.html)
@@ -61 +63 @@ Amazon Location console
-     * **Expiration time** – Optionally, add an expiration date and time for your API key. For more information, see API key best practices.
+     * **Expiration time** – Optionally, add an expiration date and time for your API key. For more information, see [Best practices for API keys](./api-keys-best-practices.html).
@@ -105 +107 @@ Amazon Location API
-Use the [CreateKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geotags_CreateKey.html) operation from the Amazon Location APIs. The following example is an API request to create an API key called `ExampleKey` with no expiration date and access to a single map resource.
+Use the [CreateKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geoapikeys_CreateKey.html) operation from the Amazon Location APIs. The following example is an API request to create an API key called `ExampleKey` with no expiration date and access to a single map resource.
@@ -129 +131 @@ The response includes the API key value to use when accessing resources in your
-You can also use the [DescribeKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geotags_DescribeKey.html) API to find the key value for a key at a later time.
+You can also use the [DescribeKey](https://docs.aws.amazon.com/location/latest/APIReference/API_geoapikeys_DescribeKey.html) API to find the key value for a key at a later time.
@@ -309,67 +310,0 @@ Use the following code:
-## Restrict API key usage by request origin
-
-You can configure API keys with client restrictions that limit access to specific domains or mobile applications. When restricting by domain, requests will be authorized only if the HTTP Referer header matches the value that you provide. When restricting by Android or Apple application, requests will be authorized only if the application identifier HTTP header fields match the values that you provide.
-
-For more information, see [ApiKeyRestrictions](https://docs.aws.amazon.com/location/latest/APIReference/API_geotags_ApiKeyRestrictions.html) in the _Amazon Location Service API Reference_.
-
-**Android application identifiers:**
-
-  * `X-Android-Package`:
-
-A unique identifier for Android applications, defined in the app's `build.gradle` file, typically following a reverse-domain format.
-
-Example:
-
-`com.mydomain.appname`
-
-  * `X-Android-Cert`:
-
-The SHA-1 hash of the signing certificate used to sign the Android APK.
-
-Example:
-
-`BB:0D:AC:74:D3:21:E1:43:67:71:9B:62:91:AF:A1:66:6E:44:5D:75`
-
-
-
-
-**Apple application identifiers:**
-
-  * `X-Apple-Bundle-Id `:
-
-A unique identifier for Apple (iOS, macOS, etc.) applications, defined in the app's `Info.plist`, typically following a reverse-domain format.
-
-Example:
-
-`com.mydomain.appname`
-
-
-
-
-## API key best practices
-
-API keys include a plain text _value_ that gives access to one or more resources or APIs in your AWS account. If someone copies your API key, they can access those same resources and APIs. To minimize the potential impact, review the following best practices:
-
-  * **Limit the API key**
-
-To avoid the situation above, it is best to limit your API key. When you create the key, you can specify the domain, Android app or Apple app where the key can be used.
-
-  * **Manage API key lifetimes**
-
-You can create API keys that work indefinitely. However, if you want to create a temporary API key, rotate API keys on a regular basis, or revoke an existing API key, you can use _API key expiration_.
-
-    * You can set the expiration time for an API key when you create or update it.
-
-    * When an API key reaches its expiration time, the key is automatically deactivated. Inactive keys can no longer be used to make requests.
-
-    * You can change a temporary key to a permanent key by removing the expiration time.
-
-    * You can delete an API key 90 days after deactivating it.
-
-    * If you attempt to deactivate an API key that has been used within the last seven days, you'll be prompted to confirm that you want to make the change. 
-
-If you are using the Amazon Location Service API or the AWS CLI, set the `ForceUpdate` parameter to `true`, otherwise you'll receive an error.
-
-
-
-