Collaboration best practices
There are a few guidelines you can follow to set your account up for collaboration from the beginning.
Account setup. When on contract with an organization, start by setting up a new account in the organization’s name, like
CompanyName. This is an important step because usernames cannot be changed and access tokens are non-transferrable between accounts.
Client accounts. If you are building projects for multiple clients, set up a unique Mapbox account for each of them. Pay-as-you-go and Commercial accounts come equipped with a certain amount of API calls for free each month. When you set up a separate Mapbox account for each client, they will get their own set of free API usage. Individual client accounts also makes tracking usage much easier since invoices and full account statistics will only be tied to one organization's API usage.
Access tokens. It's best practice to use a distinct Mapbox account for each of your clients' projects. Though, if you are managing multiple clients' projects from one Mapbox account, use a unique named token for each project. Be cautious about using your own access tokens while developing for an organization, since their maps & billing will be tied to your account. When the time comes to hand off the account, rotate tokens so that your client's maps are tied to their own access tokens. Take extra care not to delete an access token that is in production for a project you collaborated on before.
Login credentials. At the end of the project, share the account credentials with the organization so the owners can change the email and change the password. Encourage the organization to use an email address multiple people have access to and to save their new password in a shared password manager, like 1Password.
Shared email address. If someone creates your Mapbox account for you, encourage them to use a shared email like
email@example.com. This will allow stakeholders to log in to the account as well as receive invoices, notifications, and password reset emails.
Email forwarding rules. Consider setting forwarding rules in your email client so that stakeholders in your company receive important emails. For example, if you'd like your billing department to receive billing emails like payment receipts, set any email from
firstname.lastname@example.org automatically forward to them.
Password manager. When you receive and/or create your Mapbox account credentials, store them in a shared-secure location, like a 1Password vault and/or Okta. This will help keep your password safe and available when you or your teammates need it.
Access Tokens. Taking care to rotate your access tokens upon receiving the account allows you to limit the risk of a consulting developer or former teammate deleting an access token that is used by a production application. Make sure that the location services for your applications are tied to your account, using distinct access tokens for granular statistics & billing.
Provisioning access tokens. Tokens can be created & deleted with the Access Tokens page or the Tokens API on the command line. With scoped tokens, developers can read, write, and upload data without needing to log into your Mapbox account. If your organization already has an existing Mapbox account and/or you hire developers (independently, or through our Developer Network), consider administering the developers access tokens with limited scopes.
Design reviews. Throughout the project you can share your work with your Map Style's Share URL or by setting up a small example application. If collaboration on editing a style is required, but you don't share access to the same Mapbox account, follow the guide to transferring styles between accounts to work together in a design review.