Get Basemaps
const url = 'https://example.com/api/settings/basemaps/';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/api/settings/basemaps/Return the configured basemap list (public, no auth required).
Basemaps with {api_key} in the URL are filtered out when no key is
configured. When a key IS set the placeholder is resolved server-side.
The response uses BasemapPublicResponse which excludes api_key.
SEC-S10 (2026-05-20 audit): the resolved url field intentionally
includes the substituted api_key value when configured. Client-side
tile-provider keys (Mapbox, Stadia, MapTiler) are designed for browser
exposure and the frontend MUST receive them to load tiles. Do NOT put a
backend-only commercial-tier key in this field — rotate the key in the
provider dashboard if it is misused. Rate-limited via
_basemap_proxy_rate_limit to cap replay-cost from anonymous clients.
Responses
Section titled “ Responses ”Successful Response
Public basemap response — excludes api_key.
object
Unique basemap identifier.
Display label.
Tile URL or style JSON URL with API key already substituted (or omitted) for client use.
Whether the basemap is currently selectable.
Whether this is a built-in preset.
Example generated
[ { "id": "example", "label": "example", "url": "example", "enabled": true, "is_preset": true, "attribution": "example" }]Bad request — invalid query parameters or payload
object
Example
{ "type": "about:blank"}Unauthorized — missing or invalid credentials
object
Example
{ "type": "about:blank"}Forbidden — caller lacks access to this resource
object
Example
{ "type": "about:blank"}Not found
object
Example
{ "type": "about:blank"}Validation error
object
Example
{ "type": "about:blank"}Internal server error
object
Example
{ "type": "about:blank"}