Auth API - How to send api keys — Documentation — CARTO (2024)

Table of Contents
How to send API Keys HTTP Basic Authentication Query string/Request body parameter FAQs

How to send API Keys

A CARTO API Key is physically a token/code of 12+ random alphanumeric characters.

You can pass in the API Key to our APIs either by using the HTTP Basic authentication header or by sending an api_key parameter via the query string or request body.

Tip: If you use our client library CARTO.js, you only need to follow the authorization section and we will handle API Keys automatically for you.

The examples shown to illustrate the different methods of how to send API Keys use the following parameters:

See Also
How to Get Your Binance API Keys and Use Them [Full Guide]Private Key | Binance AcademyAPI key authentication

123
- user: username - API Key: 1234567890123456789012345678901234567890 - API endpoint: https://username.carto.com/endpoint/

HTTP Basic Authentication

Basic Access Authentication is the simplest technique of handling access control and authorization in a standardized way. It consists essentially of an HTTP Authorization Basic header followed by the user credentials (username and password) encoded using base64.

If that looks complicated to you, don’t worry. Most client software provide simple mechanisms to use HTTP Basic Authentication, like curl, Request (JavaScript) and Requests (Python).

For requests to CARTO’s APIs, take the API Key as the password, and the username as the user who issued that API Key.

Examples:

Curl
123
curl -X GET \ 'https://username.carto.com/endpoint/' \ -H 'authorization: Basic dXNlcm5hbWU6MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MA=='
Request (JavaScript)
123456
request.get('https://username.carto.com/endpoint/', { 'auth': { 'user': 'username', 'pass': 1234567890123456789012345678901234567890 }});
Requests (Python)
1
r = requests.get('https://username.carto.com/endpoint/', auth=(username, 1234567890123456789012345678901234567890))

Query string/Request body parameter

Alternatively, you can use an URL query string parameter or a field in the request body. In both cases, the name of the parameter is api_key.

Examples:

1
curl -X GET 'https://username.carto.com/endpoint/?api_key=1234567890123456789012345678901234567890'
123456
curl -X POST \ 'https://username.carto.com/endpoint/' \ -H 'content-type: application/json' \ -d '{"api_key": "1234567890123456789012345678901234567890" }'

If, for some mysterious reason, you submit the API Key with more than one of the available methods, the order of precedence is as follows:

  1. HTTP Basic Authentication header
  2. URL query string parameter
  3. Request body field

Likewise, for security reasons and future-proofing, we recommend that you use that same order when choosing a method for sending the API Key. In other words, favour the use of HTTP Basic Authentication over the URL query string, and try to avoid the body field. We support this method just for backwards compatibility.

Auth API - How to send api keys — Documentation — CARTO (2024)

FAQs

How to authenticate with API key? ›

To use an API that requires key-based authentication, the user or application includes the API key as a parameter in the request, typically as a query parameter or in a header. The API provider verifies the key and then allows or denies access to the API based on the user's permissions and the API's usage limits.

Read On
How to call API with API key? ›

How to Make API calls
  1. Find the URI of the external server or program.
  2. Add an HTTP verb.
  3. Include a header.
  4. Include an API key or access token.
  5. Wait for the response.
Sep 20, 2021

Discover More Details
What is the difference between API key and auth token? ›

The main distinction between these two is: API keys identify the calling project — the application or site — making the call to an API. Authentication tokens identify a user — the person — that is using the app or site.

Continue Reading
What are API keys used for? ›

An application programming interface (API) key is a code used to identify and authenticate an application or user. API keys are available through platforms, such as a white-labeled internal marketplace. They also act as a unique identifier and provide a secret token for authentication purposes.

See Details
How do I pass API authentication? ›

In API key authentication, the API provider assigns a unique key to each client accessing the API. The client needs to include their API key as part of the request to authenticate themselves. The API key can be included anywhere in the request, such as the header, body, or query parameters.

Find Out More
How to pass an API key? ›

When authenticating with an API key, you don't need to reference your account credentials. Instead, you pass the API key in the HTTP header of your authentication request. Each organization can have up to 20 API keys. API keys are associated with an organization and not individual users.

Tell Me More
Which is the most secure method to transmit an API key? ›

Don't share API keys through email. Always use HTTPS/SSL for your API requests — some APIs won't field your request if you're not using it.

Show Me More
How do I call one API from another API? ›

When an API is acting on behalf of a user and needs to call another API, the API must use OBO to acquire a delegated permission access token to call the Downstream API on behalf of the user. APIs should never use application permissions to call Downstream APIs when the API is acting on behalf of a user.

Explore More
How do I send a request to an API? ›

After you specify the request protocol, method, and URL, add any other details required by the API you're sending the request to: Specify any parameters and body data or request headers you need to send with the request. Set up any required authentication and authorization.

Continue Reading
Is API key basic auth? ›

You can pass the API key via Basic Auth as either the username or password. Most implementations pair the API key with a blank value for the unused field (username or password). You will need to base64-encode the `username:password` content, but most request libraries do this for you.

Show Me More

How do I authenticate API with token? ›

How API Tokens Work
  1. A user or application trying to connect with the API provides the token to the API server to authenticate their identity and access.
  2. The server reviews the token. If the token is valid, the API server grants the requested level of access.

Read The Full Story
How to generate API key? ›

Go to the Google Maps Platform > Credentials page. On the Credentials page, click Create credentials > API key. The API key created dialog displays your newly created API key.

See Details
Where should I put my API key? ›

Keep API keys isolated from the main code and away from the public eye by storing them in environmental variables. Always keep API keys in safe key management solutions for storage. Make sure that the keys are encrypted both in transit and at rest. Alternate your API keys regularly to minimize exposure concerns.

Get More Info Here
How can I find my API key? ›

To find an API key, you usually need to visit the website or platform that offers the API you want to use. The process can vary depending on the specific API provider, but you typically need to sign up for an account, create a project or application, and then generate an API key within that project.

Continue Reading
Should I give someone my API key? ›

The API key should never leave your control. Your API key should only ever be communicated between your server and OpenAI's server. If you ever send it to a client it will, with near-certainty become compromised.

View More
How do I verify my API key? ›

You can set up API key validation for an API by attaching a policy of type Verify API Key. The only required setting for a VerifyAPIKey policy is the expected location of the API key in the client request. The API proxy will check the location that you specify, and extract the API key.

View Details
How can I authenticate API requests? ›

To authenticate API requests, use basic authentication with your email address and password, your email address and an API token, or an OAuth access token. All methods of authentication set the authorization header differently. Credentials sent in the payload or URL are not processed.

See More
Top Articles
Walmart CEO reports earning $24.1M | Arkansas Democrat Gazette
Blockchain solutions | Platforms, insights & services | EY - Global
Po Box 7250 Sioux Falls Sd
Kansas City Kansas Public Schools Educational Audiology Externship in Kansas City, KS for KCK public Schools
Citibank Branch Locations In Orlando Florida
The Ivy Los Angeles Dress Code
THE 10 BEST River Retreats for 2024/2025
Nyuonsite
Red Heeler Dog Breed Info, Pictures, Facts, Puppy Price & FAQs
Richmond Va Craigslist Com
Wordle auf Deutsch - Wordle mit Deutschen Wörtern Spielen
The Murdoch succession drama kicks off this week. Here's everything you need to know
Leader Times Obituaries Liberal Ks
Lehmann's Power Equipment
Td Small Business Banking Login
Busted Campbell County
Poe Str Stacking
Melendez Imports Menu
Little Rock Skipthegames
Best Boston Pizza Places
Marokko houdt honderden mensen tegen die illegaal grens met Spaanse stad Ceuta wilden oversteken
Pacman Video Guatemala
Jamielizzz Leaked
CohhCarnage - Twitch Streamer Profile & Bio - TopTwitchStreamers
Eegees Gift Card Balance
Fairwinds Shred Fest 2023
Melissa N. Comics
How to Use Craigslist (with Pictures) - wikiHow
Unm Hsc Zoom
Pnc Bank Routing Number Cincinnati
The Ride | Rotten Tomatoes
Tgh Imaging Powered By Tower Wesley Chapel Photos
Car Crash On 5 Freeway Today
John F Slater Funeral Home Brentwood
Chatropolis Call Me
Craigslist Ludington Michigan
Skip The Games Grand Rapids Mi
Tyler Perry Marriage Counselor Play 123Movies
Clausen's Car Wash
Linkbuilding uitbesteden
Powerspec G512
Catchvideo Chrome Extension
Craigslist Mendocino
Terrell Buckley Net Worth
Verizon Forum Gac Family
Maurices Thanks Crossword Clue
Minecraft Enchantment Calculator - calculattor.com
Basic requirements | UC Admissions
Obituary Roger Schaefer Update 2020
Ihop Deliver
Latest Posts
790 Credit Score: Is it Good or Bad? - Experian
Introduction to TCP/IP (Part 2) - Five Layer Model and Applications
Article information

Author: Dong Thiel

Last Updated:

Views: 5739

Rating: 4.9 / 5 (79 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Dong Thiel

Birthday: 2001-07-14

Address: 2865 Kasha Unions, West Corrinne, AK 05708-1071

Phone: +3512198379449

Job: Design Planner

Hobby: Graffiti, Foreign language learning, Gambling, Metalworking, Rowing, Sculling, Sewing

Introduction: My name is Dong Thiel, I am a brainy, happy, tasty, lively, splendid, talented, cooperative person who loves writing and wants to share my knowledge and understanding with you.