1. Authentication
AirHub API
  • Introduction
  • Authentication
    • Overview
    • Get Oauth Token
      POST
  • Briefing
    • Overview
    • B4UFLY
      • What Is B4UFLY
      • The API Basics
      • Location vs Area
      • What's New in v2
      • v2
        • B4UFLY Briefing by Area
        • B4UFLY Briefing by Location
      • v1
        • B4UFLY Briefing by Area
        • B4UFLY Briefing by Location
  • Data
    • Positions
      • Send Positions
    • Elevation v1
      • Elevation
    • Elevation v2
      • Elevation
  • Operations
    • ASL Operations
      • List Operations
      • Create Operation
      • Get Operation
      • Delete Operation
      • Update Operation
    • LAANC SDSP
      • Overview
      • LAANC Operations
        • Get Operation
        • Delete Operation
        • Create Operation
        • Update Operation
      • LAANC Authorizations
        • Rescinded and Invalid Operations
        • Submit Authorization
        • Get Authorization
        • Cancel Authorization
        • Cancel Invalid Authorization
        • Close Authorization
        • Acknowledge Rescinded Authorization
    • Ephemeral Operations
      • Create Ephemeral Operations
      • Get Ephemeral Operation
      • Delete Ephemeral Operation
      • Claim Ephemeral Operation
  • Surface, Risk, and Routing
    • Overview
    • Surface Layers
      • Get Surface Layer Access
    • Risk and Routing
      • Classify Risk
      • Generate Route
      • Surface Hexbin
  • Vector Tiles
    • Overview
  • Schemas
    • asloperationsvc.v1.FlightType
    • authorizationsvc.v1.Authorization
    • AssetTypeEnum
    • protobufAny
    • protobufNullValue
    • ephemeralsvc.v1.ClaimEphemeralOperationResponse
    • DeviceStatus
    • authorizationsvc.v1.Class
    • v2GetSurfaceAccessResponse
    • ephemeralsvc.v1.CreateEphemeralOperationRequest
    • ElevationFeature
    • authorizationsvc.v1.FacilityMap
    • risksvcv1Layer
    • authorizationsvc.v1.Deny
    • v2MetadataSource
    • ElevationGeometry
    • authorizationsvc.v1.Status
    • rpcStatus
    • ephemeralsvc.v1.CreateEphemeralOperationResponse
    • authorizationsvc.v1.SubmissionType
    • ephemeralsvc.v1.EphemeralOperation
    • ElevationOutput
    • v1Bitmask
    • v2UpdateSurfaceAccessRequest
    • v1ClassificationSurface
    • v2UpdateSurfaceAccessResponse
    • ElevationServerErrorResponse
    • ephemeralsvc.v1.PointOfContact
    • v1ClassifyResponse
    • InvalidElevationInputResponse
    • geompb.v1.AltitudeReference
    • v1HexCell
    • OwnerTypeEnum
    • geompb.v1.AltitudeUnit
    • google.protobuf.Any
    • PointXyElevationData
    • v1HexResp
    • laancsvc.v1.Action
    • google.protobuf.NullValue
    • v1RouteResponse
    • laancsvc.v1.Candidate
    • RawPositionMessageBody
    • google.rpc.Status
    • v1SurfaceGeoJSONResponse
    • laancsvc.v1.DeleteOperationResponse
    • SourceAltitudeTypeEnum
    • Transformation
    • laancsvc.v1.GetOperationResponse
    • v1SurfaceRequest
    • Unit
    • v1SurfaceResponse
    • laancsvc.v1.License
    • V1ElevationInput
    • laancsvc.v1.Notice
    • V1Geometry
    • laancsvc.v1.Operation
    • V1GeometryType
    • laancsvc.v1.OperationResponse
    • V1InVDatum
    • laancsvc.v1.OperationService.CreateOperationBody
    • laancsvc.v1.OperationService.UpdateOperationBody
    • V2ElevationInput
    • laancsvc.v1.PointOfContact
    • laancsvc.v1.Reason
    • laancsvc.v1.UpdateOperationResponse
    • laancsvc.v1.ReverseLookupOperationResponse
AirHub® Portal (Sandbox)
  1. Authentication

Overview

Getting access#

OAuth#

AirHub uses client credentials to authenticate and authorize requests. Successful authentication will return an Oauth2 accessToken. AirHub expects the accessToken to be included in all subsequent API requests using the Authorization header.

Client Credentials#

AirHub uses client credentials and an API key to authenticate and authorize requests. Successful authentication will return an Oauth2 accessToken. AirHub expects the accessToken and x-api-key to be included in all subsequent API requests.

HTTP Request#

POST https://airhub-api-sandbox.airspacelink.com/v1/oauth/token

Required Headers#

ParameterDescription
Content-Typeapplication/x-www-form-urlencoded
x-api-key<your-api-key>

Form Encoded Parameters#

ParameterDescription
grant_typeclient_credentials
client_idClient id supplied to you by Airspace Link
client_secretClient secret supplied to you by Airspace Link
scopeSee available Oauth Scopes

Scopes#

In addition to the Client ID and Secret, you must also supply one or many oauth scopes. If you're unfamiliar with scopes, you can think of them as bundles of related API endpoints that are authorized for access by your client application. Multiple scopes may be requested by separating each scope by a space.

Available Scopes#

ScopeDescription
advisory:readGrants read access to our available advisories. This includes local and federal flight advisories.
aviation:readGrants read access to aviation facility map data.
briefing:area:readGrants read access to briefings by area.
briefing:location:readGrants read access to briefings by location.
hazar:readhazar is short for "Hazards and Risks". Grants read access to our hazar data.
operation:createUsed for linking applications. Allows the creation of a UAS operation that can be linked into LAANC authorization app.
route:createAllows the creation of UAS waypoints that navigate around ground based hazards and risks.
surface:createAllows the creation of hex surfaces based on specified data sources

Examples#

Below are some examples using our sandbox environment, https://airhub-api-sandbox.airspacelink.com/.
Using cURL:
Using JS:
Make sure to replace <your-xxx> with your applicable values.
The above command returns JSON structured like this:
{
  "status": 200,
  "message": "success",
  "data": {
    "accessToken": "xyz123",
    "expires": "2021-03-16T21:57:33.332Z",
    "scope": "advisory:read"
  }
}
Modified at 2026-03-24 21:21:23
Previous
Introduction
Next
Get Oauth Token
Built with