# TPS XML API headers and authentication

Source: [https://docs.qualcomm.com/doc/80-42216-1/topic/2_TPS_XML_API_implementation.html](https://docs.qualcomm.com/doc/80-42216-1/topic/2_TPS_XML_API_implementation.html)

To implement the Terrestrial Positioning Service (TPS) API, the device must collect data about
      the radio signal environment, including Wi-Fi access point MAC addresses, cell tower IDs, and
      signal strengths. This data is then submitted using the TPS API. Along with this data, if
      accessible, include GPS location information to improve location results even when GPS is
      unavailable. Starting from TPS v2.21, GPS switching has been added to server-side
      functionality.

### HTTP headers

For API calls, always use DNS instead of hard coded IP addresses as they're not supported by TPS
        and can cause a failure in returning location requests.

If all API calls are forwarded from a centralized server before reaching the TPS API endpoint,
        the x-forwarded-for HTTP header must be used with the original public API address of the
        device making the request.

Consider the following example of an HTTP header:

    Forwarded: for=192.0.2.60; proto=http; by=203.0.113.43Copy to clipboard

A new optional `Skyhook-Request-Token` HTTP header has been introduced in protocol
        v2.28. Clients can choose to include an opaque `messageID` in the
          `Skyhook-Request-Token` header in any type of request, and the API server
        will echo back the provided value as a `Skyhook-Request-Token` header in the
        corresponding response.

### API key

An evaluation license agreement is required to obtain an API key for TPS. For more information
        about the license agreement, contact the Qualcomm TPS team at [sales.tps@qti.qualcomm.com](mailto:sales.tps@qti.qualcomm.com).

### Unique device ID

With each unique location request, it's recommended to submit a unique device ID or
          `username` for the end-user device. This enables more accurate location
        results and impacts the redundancy of how location data is processed and weighted for
        optimization. If `username` isn't provided, reporting and API performance may
        be impacted.

Note: Individual device IDs aren't stored
        permanently in Qualcomm’s system, but are stored with a rotating hash in accordance with
        Qualcomm user and commercial privacy policies.

### Endpoint URL

The TPS API endpoint URL of XML-formatted requests is [https://global.skyhook.com/wps2/location](https://global.skyhook.com/wps2/location).

## HTTP authentication methods

Source: [https://docs.qualcomm.com/doc/80-42216-1/topic/2_TPS_XML_API_implementation.html](https://docs.qualcomm.com/doc/80-42216-1/topic/2_TPS_XML_API_implementation.html)

TPS XML API request can be authenticated using:
- HTTP headers via:
    - Skyhook authentication key and username
    - Skyhook web token
- HTTP URL parameters
- XML body

### HTTP header-based authentication

- **Skyhook auth-key and username**: Submit a request with `Skyhook-Auth-Key`
          header containing the API key along with an optional `Skyhook-Auth-User`
          containing the username associated with the key.
Note: An evaluation license agreement is
            required to obtain an API key for TPS. For more information about the license agreement,
            contact the Qualcomm TPS team at [sales.tps@qti.qualcomm.com](mailto:sales.tps@qti.qualcomm.com).

- **Skyhook web token**: Skyhook supports a token-based registration and authentication model,
          available on a per-request basis. For more information, contact the Qualcomm TPS team at
            [support.tps@qti.qualcomm.com](mailto:support.tps@qti.qualcomm.com).

### HTTP URL parameters-based authentication

The TPS XML API request body doesn't contain an explicit authentication section. Rather, the API
        key and user ID are encoded into the request endpoint
        URL.

    https://global.skyhookwireless.com/wps2/location?
    key="<somekey>&username=<someusername>"Copy to clipboard

### XML body-based authentication

Note: Starting from TPS v2.34, XML body-based authentication is
          deprecated. Previous versions of TPS can still use this authentication method.

Use the following sample XML body for
          authentication:

    <authentication version="2.2">
            <key key="YOUR API KEY HERE"
            username="DEVICE SERIAL NUM, MAC ADDRESS, OR OTHER UNIQUE ID HERE"/>
    </authentication>
    Copy to clipboard

Where:
- `key` is the API key used for this project.
- `username` is the serial number, MAC address, or other unique ID of the
            device.
- `version` is the version of the authentication type used for this
            project.

Last Published: Apr 01, 2026

[Previous Topic
Introduction to TPS XML API](https://docs.qualcomm.com/bundle/publicresource/80-42216-1/topics/1_Introduction_to_Qualcomm_TPS_API.md) [Next Topic
TPS XML API request](https://docs.qualcomm.com/bundle/publicresource/80-42216-1/topics/4_TPS_XML_API_request.md)