The Bing Maps Developer portal shipped a new feature allowing you to restrict access on your Bing Maps API keys to a set of domains that you specify. With this feature customers can define a strict set of Referrer values or IP address ranges that the key will be validated against. Requests originating from your allow list will process normally, while requests from outside of your list will return an access denied response.

Adding domain Security to your API key is completely optional and keys left as-is will continue to function as they do today. The allow list for a key is independent from all of your other keys, enabling you to have distinct rules for each of your keys.

Currently we only support exact referrer name matching, meaning if your browser or header request sends https://www.contoso.com/, please have your referrer name as: https://www.contoso.com/ in the whitelisting definition. We will support short urls in a future release.

Note: Wildcards are not supported when specifying your IP addresses. However you CAN specify an IP range.

To set your Allow list, follow these simple steps:

  • Sign into the developer portal with your Microsoft Account
  • Select the My Account → My Keys menu choice to show a list of all of your keys
  • Click the ‘Enable Security’ link for the key you wish to set restrictions on
  • For a referrer rule, specify a Rule name and Referrer, then hit the green ‘plus’ button to add it
  • For an IP Range Rule, click to the IP range tab, then enter a rule name and your desired starting and ending IP address
  • You can continue to add as many rules as needed for each key
  • Press the close button when you are finished.



That’s it! Note that it can take up to 30 minutes for these changes to take effect.

If you have questions or feedback for the team, please reach out to our Bing Maps Enterprise Support team at bmesupp@microsoft.com.

- Bing Maps Team


Source: Announcing Enhanced Security for Bing Maps API Keys | Maps Blog