URL + authentification

The API (live-api) is currently accessible using the following:

See the live-api

https://api.openstreetmap.org

When testing your software against the API you should consider using:

See the dev-api

https://master.apis.dev.openstreetmap.org

Your account for the live service is not in the same database, so you probably need a new username and password for the test service.

All of the calls to the API which update, create or delete data have to be made by an authenticated and authorized user(1).

1. Authentication works by using OAuth 2.0.

Required scopes for OAuth 2.0

The required OAuth scopes to be able to use the full API v0.6 are:

• read_prefs
• write_prefs
• write_api
  • write_changeset_comments (currently included in write_api)
• read_gpx
• write_gpx
• write_notes
• write_diary (supported scope by OAuth 2.0 but is not required by the API v0.6)
• write_redactions
• write_blocks
• consume_messages
• send_messages

If you need to compare it to older ones, check here.

Error codes

HTTP status codes (400-500).

400 (Bad Request)401 (Unauthorized)403 (Forbidden)

If you are accessing the CGImap version of the API, this error code will be returned when OAuth fails with a Bad OAuth request.

Login was unsuccessful.

Login was successful but the user is not allowed to carry out the operation. The user may have been blocked, or the OAuth application may not have been given the required permissions. An application should display the error message (which will be translated if necessary) and, if it has an end-user UI, provide an easy way to access openstreetmap.org and view any messages there.