Locance geolocation platform:
Frequently asked questions (FAQs)

Select a topic:

Understanding geolocation compliance

What is geolocation compliance?

Geolocation compliance is the process of reliably verifying a user’s physical location to ensure they meet jurisdictional requirements for accessing specific services. For businesses operating in regulated industries, geolocation compliance is critical to ensure they’re operating legally and responsibly.

This is especially important in highly regulated markets like the U.S. and Canada, where state or provincial laws govern activities like online gaming, financial services, and other location-restricted operations. For example, in the U.S., only certain states allow online casinos, while more than half allow sports betting, each with their own specific regulations.

How does geolocation compliance impact the end user experience?

Your end user’s experience will vary depending on the geolocation platform you use. Ideally, the process is seamless and works like this:

  • No additional downloads or plugins required
  • Compatible with all popular devices (e.g., mobile phones, tablets, desktops)
  • Support for both mobile and Wi-Fi-based operations

Geolocation services like Locance prioritize user-friendly designs to minimize hurdles, which helps make compliance as transparent as using everyday location-enabled services like Google Maps. The goal is to balance regulatory compliance with a smooth user experience.

Does location compliance technology work on mobile phones?

Yes. As long as the geolocation platform can confirm that the user is located in the appropriate jurisdiction, they can use services from their mobile phone browsers or apps. To ensure the best location results, users should:

  • Enable all location sharing and location services options in device settings including precise or high accuracy location
  • Ensure that Wi-Fi, GPS, Bluetooth and cellular data are all turned on
  • Whenever possible, use a Wi-Fi connection
  • Allow cookies and location sharing in browser settings or when prompted in the app
  • Disable any mock location or location spoofing apps
  • Disable low power or battery saving modes
  • Disable remote access, proxies, anonymizers, or Virtual Private Networks (VPNs)
  • Run anti-virus scans to verify that no malware is exploiting location services
  • Avoid browser incognito modes or private browsing options
  • Disable ad blockers and other settings that may interfere with website tracking

Why do businesses need geolocation compliance?

Without proper geolocation compliance, businesses risk significant legal penalties, loss of operating licenses, and reputational damage. Specifically, businesses need geolocation compliance for several key reasons:

  • Regulatory requirements: Many industries must verify user location to comply with local laws and regulations.
  • Fraud prevention: Verifying user location helps detect suspicious activities and prevent fraud.
  • User verification: Confirms users are accessing services from authorized jurisdictions.
  • Risk management: Helps businesses avoid penalties and legal issues by ensuring compliance.
  • Personalized services: Enables the delivery of location-appropriate content and services.

What technologies are used to verify a user’s location?

Locance’s geolocation platform uses a multi-factor approach that combines:

  • IP, GPS, device-based, cellular, and Wi-Fi location data
  • Device profiling and behavioral biometrics
  • Anti-spoofing measures like detection of VPN, proxy, and remote access

This layered approach ensures high reliability while identifying potential fraud attempts. It’s also ideal for users that are on the go or located in remote or rural locations.

Does location compliance technology work on desktops and other devices?

Yes. The same principles apply to desktop computers and tablets as to mobile phones. Users can access location-verified services as long as the geolocation platform can confirm they are in an appropriate jurisdiction. The recommendations for ensuring accurate location detection on desktops and tablets are similar to those for mobile devices.

Locance platform capabilities

What is the purpose of the Locance API and what are its features?

The Locance API provides location-based services, including geolocation, geofencing, reverse geocoding, device profiling, and compliance verification for industries such as financial services, online gaming, lottery, and asset management. It enables secure and reliable verification of a user’s device location during online sessions. The main features include:

  • Real-time location retrieval for devices
  • Geofencing and zone checks
  • Device profiling for risk assessment
  • Compliance verification for regulatory requirements
  • Seamless integration with web and mobile applications

Can the Locance API be used for both web and mobile applications?

Yes, the Locance API supports both web and mobile applications through SDKs, JavaScript toolkits, and RESTful endpoints, ensuring compatibility across platforms. This enables businesses to implement consistent geolocation compliance across all their user touchpoints.

How customizable are Locance’s compliance rules?

Flexibility is a must-have when it comes to geolocation compliance. Locance works with each customer to adjust compliance rule sets to fit their specific needs. For example, an iGaming provider may need to exclude certain areas within their jurisdictions.

Locance’s customizable approach enables operators to strike the right balance between security and user accessibility while maintaining full control over their end user experience. This customization extends to specific regional requirements, use cases, risk tolerances, and business models.

What are the benefits of using the Locance API compared to other solutions?

The benefits of the Locance geolocation platform include:

  • High-accuracy location data
  • Robust device profiling capabilities
  • Seamless integration via SDKs and JavaScript toolkits
  • Compliance with industry-specific regulations
  • Scalability for high-volume usage
  • Flexibility for various use cases, such as fraud detection and regulatory compliance
  • Multi-factor approach to location verification
  • Customizable rule sets for specific business needs
  • Comprehensive SaaS reporting and forensics tools via the Locance Customer Portal

How scalable is the Locance geolocation platform?

Scalability is critical for businesses, especially during high-traffic events. For example, the online gaming industry can see a 10x or higher increase in capacity during events like the Super Bowl or a large Powerball jackpot.

Locance’s cloud-based infrastructure provides virtually unlimited scalability and reliable performance, enabling your service use to scale up quickly during surges in demand. This also means that the platform will continue to meet your geolocation compliance needs as your business grows.

Support and customer success

What kind of support can I expect from Locance as a geolocation compliance provider?

While support levels vary widely among geolocation service providers, at Locance, we take a customer success approach that includes:

  • A dedicated Customer Success Manager (CSM) for ongoing support
  • On-demand, expert assistance during implementation, including API demos
  • Continued partnership to optimize user flows and rule sets post-integration and throughout your use of the platform, with direct access to your CSM anytime

In our experience, offering this white-glove level of support helps give our customers a smooth onboarding experience as well as fostering their sustained success on our platform.

Why choose Locance for geolocation compliance?

Locance offers several advantages over other geolocation providers:

  • Reliability: Multi-layered approach to location verification ensures high confidence
  • Accuracy: Optimized use of all available sources to deliver the best possible location
  • Speed of implementation: Typical integration can be completed in as little as 2-3 days
  • Customization: Flexible rule sets that adapt to your specific business needs
  • Scalability: Cloud-based infrastructure that can handle significant traffic spikes
  • Support: Dedicated Customer Success Manager and implementation assistance
  • Data Protection: You maintain control over your users’ data, with no third-party access
  • Experience: Extensive experience across multiple regulated industries

For more information on evaluating geolocation platforms, see our guide on 8 Questions to Ask When Evaluating a Geolocation Platform.

Integration and implementation

How do I get started with the Locance API?

To get started with Locance:

  1. Sign up for a demo account and provision an API key through Locance
  2. Review the documentation provided
  3. Follow the integration guides for your specific use case
  4. Work with your dedicated Customer Success Manager during implementation

Locance’s Customer Portal provides a dedicated sandbox environment to allow developers to test API integration before going live. Contact our support team for access to developer tools.

What are the steps to integrate the Locance API into a web application?

Locance API integration steps include:

  1. Use the provided JavaScript toolkits in your web application
  2. Configure your API keys and security settings
  3. Make API calls to the appropriate endpoints for your needs (e.g., /locreq)
  4. Test the integration thoroughly before full deployment
  5. Partner with Locance’s support team to optimize your implementation

What does implementation of Locance’s geolocation compliance solution involve?

Locance has designed its solution to be as straightforward as possible to implement, involving:

  • Restful APIs that provide JSON responses
  • JavaScript integration for browser-based applications
  • SDKs for iOS and Android apps

Locance provides comprehensive documentation and implementation guides so that your business can set up its systems quickly—sometimes as fast as 2-3 days.

How do I use the SDKs and JavaScript toolkits?

The iOS and Android SDKs provide functions and methods to easily integrate them into your mobile app. Once your app is ready, you just follow the same simple steps as for a web application.

Refer to the integration guides for each mobile platform for detailed instructions on using them in your application. The documentation includes code samples, best practices, and implementation advice for various use cases.

Technical details

What is the difference between a “Location Session,” “Device Profile Session,” and “Compliance Session”?

Each session type serves different purposes in your geolocation strategy and can be used independently or in combination depending on your specific requirements.

  • Location Session: Used for retrieving the device’s location (e.g., via /locreq).
  • Device Profile Session: Used for profiling the device’s characteristics and behavior (e.g., via /deviceprofilereq).
  • Compliance Session: A combination of Location and Device Profiling Sessions, used for verifying if the device meets compliance criteria (e.g., via /compliancereq).

Can the Locance API be used for real-time location verification?

Yes, the API provides real-time location data via the /locreq endpoint for Location Sessions, supporting use cases like asset tracking and fraud prevention. This real-time verification is essential for industries where location matters at the moment of transaction or service access.

How does the Locance API handle authentication?

The API utilizes OAuth 2.0 with the Client Credentials grant type. Clients must obtain an API bearer token (accessToken) by providing their client_id and client_secret, which are provisioned through the Locance Customer Portal. This token is then included in the HTTP Authorization header of each API request for authentication.

Are there any expiration policies or renewal processes for these credentials?

The access Token expires, with the expiration time provided in the ‘accessTokenExpiresAt’ field when the token is issued. Clients must refresh the token before it expires by making a new token request to maintain uninterrupted access.

How can the Locance API be used for geofencing?

The API supports geofencing by:

  • Accessing pre-defined zones such as countries or states via /zone
  • Defining and managing customer-specific zones via /zone
  • Checking device locations against selected zones via /zonecheckreq

For example, businesses can detect if a device is within a restricted area, or ensure users are only accessing services from approved jurisdictions. This capability is particularly valuable for regulatory compliance and risk management.

How does the Locance API handle cross-border compliance?

The API verifies device location and compliance across borders by:

  • Checking device location against jurisdictional boundaries
  • Calculating travel speed, direction and distance to nearby boundaries
  • Enforcing compliance rules during Compliance Sessions

For example, businesses can block transactions from users in restricted countries or apply different rules based on regional requirements.

How do I obtain and manage these credentials securely?

Credentials (client_id and client_secret) are managed via the Locance Customer Portal, where clients can obtain, update, or revoke them. To ensure security, these credentials should be stored securely (e.g., in a vault or encrypted storage) and never exposed in client-side code. Server-side handling is recommended.

API usage and response format

What are the available endpoints, and what actions do they perform?

The API offers several key endpoints, including:

  • /deviceprofilereq (Device Profile Services): Provides real-time device risk scoring and profiling.
  • /locreq (Location Services): Retrieves device location using methods like IP address, cellular or Wi-Fi ID, browser-based data, or mobile app data. Reverse geocoding is also available.
  • /zone and /zonecheckreq (Smart Zone Services): Manages geofences (zones) and checks if a device is within a specified zone.
  • /compliancereq (Compliance Services): Assesses if a device meets compliance criteria based on location and other factors.

Each endpoint supports specific actions, such as locating devices, creating zones, or verifying compliance.

What format does the Locance API use for requests and responses?

The API uses secure HTTP requests with JSON for both request and response bodies.

How should I handle common errors (e.g., invalid credentials, rate limit exceeded)?

Here’s how to address common errors:

  • Invalid Credentials (401): Verify the accessToken is valid and refresh it if expired.
  • Rate Limit Exceeded (403): Pause requests and retry later, ideally with exponential backoff.
  • Invalid Parameter (400 or statusCode: 48): Validate request parameters against the specification and correct errors.

Are there specific endpoints for retrieving location data, setting up geofences, or managing web browser and mobile app sessions?

Yes, endpoints include:

  • Location Data Retrieval: Use /locreq with parameters like locationType (e.g., IP, HTML5, GSID).
  • Geofencing: Use /zone to create, delete or manage geofences and /zonecheckreq to verify a device’s position relative to a zone.
  • Location Sessions: Session-based location is supported via identifiers like sessionId for browser or app-based location requests.

What are the possible error codes and messages returned by the API?

The API returns HTTP status codes (e.g., 400, 401, 403, 404) and custom statusCode: StatusMsg values in the response body. Common examples:

  • 0: Success
  • 10: Unauthorized for location
  • 13: Location timeout
  • 19: System error
  • 48: Invalid parameter

Service-specific error codes are also defined (e.g., 48 for invalid parameters in Device Profile services).

Rate limits and usage restrictions

Are there rate limits on API requests and how are they enforced?

Yes, rate limits are enforced based on the transactions per second (TPS) provisioned for your account. Exceeding this limit triggers a 403 Forbidden error with the message “Throttle limit of <TPS> TPS reached.”

Limits are applied per application. Exceeding them results in a 403 Forbidden response. Contact Locance to adjust your TPS limit if needed.

Security and privacy considerations

What security measures are required when using the Locance API?

Locance API security measures include:

  • All requests must use HTTPS for encryption.
  • Requests must originate from whitelisted sources.
  • The accessToken must be included in the Authorization header.
  • Avoid exposing sensitive credentials (client_id, client_secret) in client-side code; use server-side requests instead.

Do I retain control over my end users’ data?

Yes, as a customer using Locance’s services, you maintain full control over your end users’ data, as covered in the Privacy Policy. Locance treats location data like your property—not something that the provider takes ownership of. This approach ensures:

  • Your platform decides when data is sent and retrieved, and how it is used
  • Unlike other providers, Locance does not grant third-party access to sensitive user information or location data without your knowledge and consent
  • Locance does not sell location data

How should I handle sensitive data, such as location information, in my application?

Store and transmit location data securely, comply with privacy regulations, publish clear terms of use, and obtain user consent where required (e.g., for app-based or browser-based location). Implement appropriate data retention policies and access controls to protect user privacy.

How does the Locance API ensure data privacy and compliance with regulations like GDPR?

The Locance API ensures data privacy by:

  • Using HTTPS for secure data transmission
  • Using ephemeral session identifiers rather than personal identifiers
  • Encrypting data at rest and in transit
  • Requiring user consent for location services where applicable
  • Minimizing data collection and providing transparency

Contact Locance for detailed compliance policies.

Additional requirements

Are there any specific headers or query parameters required for all requests?

Every request requires the Authorization header with the bearer token:
{
"Authorization": "Bearer <accessToken>"
}

Requests may include additional informational parameters like refId for customer-specific content.

Are there any versioning requirements for the API?

The API version is specified in the URI (e.g., /v4/locreq.json). Version 4 is current, with prior versions supported for at least one year after a new major release.

Industry-specific applications

How can the Locance API be used in financial services?

In financial services, the location API verifies user location during transactions to:

  • Prevent fraud by ensuring the user is in an expected location
  • Meet regulatory requirements for transaction verification
  • Enhance security for high-value transactions
  • Support regional compliance with financial regulations

Example: Use /locreq to verify a user’s location during a high-value transaction to reduce the risk of fraud.

Are geolocation services certified for my region?

Regulators typically demand end-to-end testing of your unique application—not just the underlying geolocation platform. So, while Locance or any other geolocation provider may be used by other operators that are already certified in certain jurisdictions, your specific application will still require testing and certification to meet local requirements.

This means that every application needs to undergo its own certification process wherever required to ensure full compliance with local standards.

Locance provides guidance on the regional certification process to help ensure your application meets relevant requirements. Our Customer Success team works closely with customers to navigate compliance regulations and facilitate more seamless approvals.

Can the Locance API be used for fraud prevention?

Yes, the API helps prevent fraud by:

  • Verifying user location to detect anomalies (e.g., transactions from unexpected regions)
  • Profiling devices to identify suspicious behavior (e.g., via /deviceprofilereq)
  • Providing risk scores based on location and device characteristics
  • Detecting location spoofing attempts and unauthorized access

Example: Flag a transaction if the device profile indicates high risk or if the user’s location doesn’t match their typical pattern.

What are the benefits of using the Locance API in online gaming?

For online gaming, the geolocation API ensures players are within legal jurisdictions by:

  • Verifying player location during a Compliance Session (e.g., via /compliancereq)
  • Helping operators avoid legal penalties by enforcing geographic restrictions
  • Supporting compliance with state-specific gaming regulations
  • Enabling operators to expand into new markets confidently

Example: Confirm a player is in a permitted state, but not within a restricted aboriginal territory, before allowing gameplay, thus maintaining regulatory compliance.

How does the Locance API help with asset tracking and monitoring?

The API provides real-time location data for physical assets, allowing businesses to:

  • Monitor asset location on demand (e.g., via /locreq)
  • Set up geofences to detect if devices are in or out of designated areas (e.g., via /zonecheckreq)
  • Locate vehicles, high-value equipment, or other mobile assets in real-time

Example: Monitor the location of a fleet of vehicles in real-time for optimized logistics and security.

How does the Locance API support compliance with regulations?

The API supports compliance by:

  • Verifying user location for jurisdictional requirements (e.g., online gaming laws, financial regulations, etc.)
  • Performing compliance checks during Compliance Sessions (e.g., via /compliancereq)
  • Maintaining detailed audit logs for regulatory reporting
  • Adapting to evolving compliance requirements through flexible rule sets

Example: Ensure a user is in a regulated area before approving a financial transaction to maintain compliance with regional regulations.

TEST OUT OUR API

Experience the power of our APIs

Get hands-on with Locance’s advanced location services by trying out our APIs today.

Unlock the value of verified
geolocationfor your business

img-side

Request a Demo

I agree to Locance’s privacy policy.
This field is for validation purposes and should be left unchanged.