Set up the JavaScript Consumer SDK
Stay organized with collections
Save and categorize content based on your preferences.
With the JavaScript Consumer SDK, your consumer app can show the location of
vehicles and other locations of interest tracked in Fleet Engine on a web-based
map. This allows your consumers to see the progress of the driver's journey.
This guide assumes you have set up Fleet Engine with its associated Google Cloud
project and API keys. See Fleet Engine for details.
You set up the JavaScript Consumer SDK following these steps:
- Enable the Maps JavaScript API
- Set up authorization
Enable the Maps JavaScript API
Enable the Maps JavaScript API in the Google Cloud Console. For more details,
see Enable APIs in the Google Cloud documentation. This enables the
Consumer SDK for JavaScript.
Set up authorization
Fleet Engine requires the use of JSON Web Tokens (JWTs) for API method calls
from low-trust environments: smartphones and browsers.
A JWT originates on your server, is signed, encrypted, and passed to the client
for subsequent server interactions until it expires or is no longer valid.
Key details
How does authorization work?
Authorization with Fleet Engine data involves both server-side and client-side
implementation.
Server-side authorization
Before you set up authentication and authorization in your web-based
application, your backend server must be able to issue JSON Web Tokens to your
web-based application for access to Fleet Engine. Your web-based application
sends these JWTs with its requests so Fleet Engine recognizes the requests as
authenticated and authorized to access the data in the
request. For instructions on server-side JWT implementation, see Issue JSON Web
Tokens under Fleet Engine Essentials.
Specifically, keep in mind the following for the JavaScript Consumer SDK for
sharing trip progress:
Client-side authorization
When you use the JavaScript Consumer SDK, it requests a token from the server using an
authorization token fetcher. It does this when any of the following is true:
No valid token exists, such as when the SDK hasn't called the fetcher on a
fresh page load, or when the fetcher hasn't returned with a token.
The token has expired.
The token is within one minute of expiring.
Otherwise, the JavaScript Consumer SDK uses the previously-issued, valid token and does not
call the fetcher.
Create an authorization token fetcher
Create your authorization token fetcher using these guidelines:
The fetcher must return a data structure with two fields, wrapped in a
Promise as follows:
The fetcher should call a URL on your server to retrieve a token. This
URL--the SERVER_TOKEN_URL--depends on your backend implementation. The
following example URL is for the sample app backend on GitHub:
https://SERVER_URL/token/consumer/TRIPID
Example -- Create an authentication token fetcher
The following examples show how to create an authorization token fetcher:
JavaScript
async function authTokenFetcher(options) {
// options is a record containing two keys called
// serviceType and context. The developer should
// generate the correct SERVER_TOKEN_URL and request
// based on the values of these fields.
const response = await fetch(SERVER_TOKEN_URL);
if (!response.ok) {
throw new Error(response.statusText);
}
const data = await response.json();
return {
token: data.Token,
expiresInSeconds: data.ExpiresInSeconds
};
}
TypeScript
function authTokenFetcher(options: {
serviceType: google.maps.journeySharing.FleetEngineServiceType,
context: google.maps.journeySharing.AuthTokenContext,
}): Promise<google.maps.journeySharing.AuthToken> {
// The developer should generate the correct
// SERVER_TOKEN_URL based on options.
const response = await fetch(SERVER_TOKEN_URL);
if (!response.ok) {
throw new Error(response.statusText);
}
const data = await response.json();
return {
token: data.token,
expiresInSeconds: data.ExpiresInSeconds,
};
}
What's next
Follow a trip in JavaScript
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-09-03 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-03 UTC."],[[["\u003cp\u003eThe JavaScript Consumer SDK enables web-based display of vehicle locations and other points of interest tracked within Fleet Engine, letting consumers monitor driver progress.\u003c/p\u003e\n"],["\u003cp\u003eBefore using the SDK, enable the Maps JavaScript API and set up authorization, which in low-trust environments like browsers requires JSON Web Tokens (JWTs) issued by your server.\u003c/p\u003e\n"],["\u003cp\u003eServer-side authorization involves your backend issuing JWTs signed by a service account, while client-side authorization uses an authorization token fetcher within the JavaScript Consumer SDK to request and manage these tokens.\u003c/p\u003e\n"],["\u003cp\u003eYou must create an authorization token fetcher that retrieves a token and its expiry time from your server, ensuring secure access to Fleet Engine data for your web application.\u003c/p\u003e\n"]]],["The JavaScript Consumer SDK allows consumer apps to display vehicle locations from Fleet Engine on a web map. Setup involves enabling the Maps JavaScript API and configuring authorization. Fleet Engine uses JSON Web Tokens (JWTs) for API calls. A backend server must issue JWTs, which the client-side uses for authenticated requests. An authorization token fetcher, created by developers, retrieves JWTs from the server when needed. The fetcher must return a `token` and its `expiresInSeconds`.\n"],null,["Select platform: [Android](/maps/documentation/mobility/journey-sharing/on-demand/android/setup \"View this page for the Android platform docs.\") [iOS](/maps/documentation/mobility/journey-sharing/on-demand/ios/setup \"View this page for the iOS platform docs.\") [JavaScript](/maps/documentation/mobility/journey-sharing/on-demand/javascript/setup \"View this page for the JavaScript platform docs.\")\n\n\u003cbr /\u003e\n\nWith the JavaScript Consumer SDK, your consumer app can show the location of\nvehicles and other locations of interest tracked in Fleet Engine on a web-based\nmap. This allows your consumers to see the progress of the driver's journey.\nThis guide assumes you have set up Fleet Engine with its associated Google Cloud\nproject and API keys. See [Fleet Engine](/maps/documentation/mobility/fleet-engine) for details.\n\nYou set up the JavaScript Consumer SDK following these steps:\n\n1. [Enable the Maps JavaScript API](#enable-api)\n2. [Set up authorization](#set-up-auth)\n\nEnable the Maps JavaScript API\n\nEnable the Maps JavaScript API in the Google Cloud Console. For more details,\nsee [Enable APIs](https://cloud.google.com/apis/docs/getting-started#enabling_apis) in the Google Cloud documentation. This enables the\nConsumer SDK for JavaScript.\n\nSet up authorization\n\nFleet Engine requires the use of **JSON Web Tokens** (JWTs) for API method calls\nfrom **low-trust environments**: smartphones and browsers.\n\nA JWT originates on your server, is signed, encrypted, and passed to the client\nfor subsequent server interactions until it expires or is no longer valid.\n\n**Key details**\n\n- Use [Application Default Credentials](https://google.aip.dev/auth/4110) to authenticate and authorize against Fleet Engine.\n- Use an appropriate service account to sign JWTs. See [Fleet Engine serviceaccount](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/service-accounts#fleet_engine_service_account_roles) roles in **Fleet Engine Basics**.\n\nHow does authorization work?\n\nAuthorization with Fleet Engine data involves both server-side and client-side\nimplementation.\n\nServer-side authorization\n\nBefore you set up authentication and authorization in your web-based\napplication, your backend server must be able to issue JSON Web Tokens to your\nweb-based application for access to Fleet Engine. Your web-based application\nsends these JWTs with its requests so Fleet Engine recognizes the requests as\nauthenticated and authorized to access the data in the\nrequest. For instructions on server-side JWT implementation, see [Issue JSON Web\nTokens](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/issue-jwt) under **Fleet Engine Essentials**.\nSpecifically, keep in mind the following for the JavaScript Consumer SDK for sharing trip progress:\n\n\u003cbr /\u003e\n\n- [General guidelines](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/issue-jwt#general_guidelines) for issuing JSON Web Tokens\n- [On-demand trips JWT guidelines](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/issue-jwt#for_on-demand_trips)\n- [Example token for a consumer operation](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/issue-jwt#example_token_for_a_consumer_app_operation)\n\nClient-side authorization\n\nWhen you use the JavaScript Consumer SDK, it requests a token from the server using an\nauthorization token fetcher. It does this when any of the following is true:\n\n- No valid token exists, such as when the SDK hasn't called the fetcher on a\n fresh page load, or when the fetcher hasn't returned with a token.\n\n- The token has expired.\n\n- The token is within one minute of expiring.\n\nOtherwise, the JavaScript Consumer SDK uses the previously-issued, valid token and does not\ncall the fetcher.\n\nCreate an authorization token fetcher\n\nCreate your authorization token fetcher using these guidelines:\n\n- **The fetcher must return a data structure with two fields** , wrapped in a\n `Promise` as follows:\n\n - A string `token`.\n\n - A number `expiresInSeconds`. A token expires in this amount of time\n after fetching. The authentication token fetcher must pass the expiry\n time in seconds, from the time of fetching to the library as shown in\n the example.\n\n- **The fetcher should call a URL on your server** to retrieve a token. This\n URL--the `SERVER_TOKEN_URL`--depends on your backend implementation. The\n following example URL is for the [sample app backend on GitHub](https://github.com/googlemaps/last-mile-fleet-solution-samples/tree/main/backend):\n\n - `https://SERVER_URL/token/consumer/TRIPID`\n\nExample -- Create an authentication token fetcher\n\nThe following examples show how to create an authorization token fetcher: \n\nJavaScript \n\n async function authTokenFetcher(options) {\n // options is a record containing two keys called\n // serviceType and context. The developer should\n // generate the correct SERVER_TOKEN_URL and request\n // based on the values of these fields.\n const response = await fetch(SERVER_TOKEN_URL);\n if (!response.ok) {\n throw new Error(response.statusText);\n }\n const data = await response.json();\n return {\n token: data.Token,\n expiresInSeconds: data.ExpiresInSeconds\n };\n }\n\nTypeScript \n\n function authTokenFetcher(options: {\n serviceType: google.maps.journeySharing.FleetEngineServiceType,\n context: google.maps.journeySharing.AuthTokenContext,\n }): Promise\u003cgoogle.maps.journeySharing.AuthToken\u003e {\n // The developer should generate the correct\n // SERVER_TOKEN_URL based on options.\n const response = await fetch(SERVER_TOKEN_URL);\n if (!response.ok) {\n throw new Error(response.statusText);\n }\n const data = await response.json();\n return {\n token: data.token,\n expiresInSeconds: data.ExpiresInSeconds,\n };\n }\n\nWhat's next\n\n[Follow a trip in JavaScript](/maps/documentation/mobility/journey-sharing/on-demand/javascript/share-journey)"]]
