Auth API - How to send api keys — Documentation — CARTO (2024)

How to send API Keys

A CARTO API Key is physically a token/code of 12+ random alphanumeric characters.

You can pass in the API Key to our APIs either by using the HTTP Basic authentication header or by sending an api_key parameter via the query string or request body.

Tip: If you use our client library CARTO.js, you only need to follow the authorization section and we will handle API Keys automatically for you.

The examples shown to illustrate the different methods of how to send API Keys use the following parameters:

- user: username
- API Key: 1234567890123456789012345678901234567890
- API endpoint: https://username.carto.com/endpoint/

HTTP Basic Authentication

Basic Access Authentication is the simplest technique of handling access control and authorization in a standardized way. It consists essentially of an HTTP Authorization header whose value is the word Basic followed by the user credentials (username:password) encoded using base64.

If that looks complicated to you, don’t worry. Most client software provides simple mechanisms to use HTTP Basic Authentication, like curl, Request (JavaScript) and Requests (Python).

For requests to CARTO’s APIs, take the API Key as the password, and the username as the user who issued that API Key.

Examples:

Curl

curl -X GET \
  'https://username.carto.com/endpoint/' \
  -H 'authorization: Basic dXNlcm5hbWU6MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MA=='

Request (JavaScript)

const request = require('request');

// Pass the API Key as a string: a 40-digit number literal would lose precision.
request.get('https://username.carto.com/endpoint/', {
  'auth': {
    'user': 'username',
    'pass': '1234567890123456789012345678901234567890'
  }
});

Requests (Python)

import requests

# Both the username and the API Key are passed as strings.
r = requests.get('https://username.carto.com/endpoint/', auth=('username', '1234567890123456789012345678901234567890'))

Query string/Request body parameter

Alternatively, you can use a URL query string parameter or a field in the request body. In both cases, the name of the parameter is api_key.

Examples:

curl -X GET 'https://username.carto.com/endpoint/?api_key=1234567890123456789012345678901234567890'

curl -X POST \
  'https://username.carto.com/endpoint/' \
  -H 'content-type: application/json' \
  -d '{"api_key": "1234567890123456789012345678901234567890"}'

If, for some mysterious reason, you submit the API Key with more than one of the available methods, the order of precedence is as follows:

  1. HTTP Basic Authentication header
  2. URL query string parameter
  3. Request body field

Likewise, for security reasons and future-proofing, we recommend that you use that same order when choosing a method for sending the API Key. In other words, favour the use of HTTP Basic Authentication over the URL query string, and try to avoid the body field. The body field is supported just for backwards compatibility.
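
Added example, not CARTO's code: a sketch of how a server or gateway could apply the order of precedence above, together with the header construction described under HTTP Basic Authentication. The function names, the JSON body format and the fall-through on a malformed header are assumptions; `redact_url` illustrates one reason the query string ranks below the header, since URLs are routinely written to access logs.

```python
# Added example (not CARTO's server code); function names are hypothetical.
import base64
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def basic_auth_header(username, api_key):
    """Authorization value: 'Basic ' + base64('username:api_key')."""
    raw = f"{username}:{api_key}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def resolve_api_key(headers, url, body=b""):
    """Return (api_key, source): Basic header, then query string, then body."""
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except ValueError:  # bad base64 or bad UTF-8
            decoded = ""
        # The API Key is the password part; a password may itself contain ':'.
        _user, sep, password = decoded.partition(":")
        if sep and password:
            return password, "basic"
    # Assumption: a missing or malformed header falls through to the next method.
    query = dict(parse_qsl(urlsplit(url).query))
    if query.get("api_key"):
        return query["api_key"], "query"
    try:
        field = json.loads(body or b"{}").get("api_key")  # assumes a JSON body
    except (ValueError, AttributeError):
        field = None
    if isinstance(field, str) and field:
        return field, "body"
    return None, None


def redact_url(url):
    """Mask api_key in a URL before it reaches a log line."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "api_key" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```

Base64 is reversible, so the Basic header keeps the API Key out of URLs and logs but protects it on the wire only when the request is sent over HTTPS.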

FAQs

How to authenticate with API key?

To use an API that requires key-based authentication, the user or application includes the API key as a parameter in the request, typically as a query parameter or in a header. The API provider verifies the key and then allows or denies access to the API based on the user's permissions and the API's usage limits.

How to call API with API key?

How to Make API calls
  1. Find the URI of the external server or program.
  2. Add an HTTP verb.
  3. Include a header.
  4. Include an API key or access token.
  5. Wait for the response.

What is the difference between API key and auth token?

The main distinction between these two is: API keys identify the calling project — the application or site — making the call to an API. Authentication tokens identify a user — the person — that is using the app or site.

What are API keys used for?

An application programming interface (API) key is a code used to identify and authenticate an application or user. API keys are available through platforms, such as a white-labeled internal marketplace. They also act as a unique identifier and provide a secret token for authentication purposes.

How do I pass API authentication?

In API key authentication, the API provider assigns a unique key to each client accessing the API. The client needs to include their API key as part of the request to authenticate themselves. The API key can be included anywhere in the request, such as the header, body, or query parameters.

How to pass an API key?

When authenticating with an API key, you don't need to reference your account credentials. Instead, you pass the API key in the HTTP header of your authentication request. Each organization can have up to 20 API keys. API keys are associated with an organization and not individual users.

Which is the most secure method to transmit an API key?

Don't share API keys through email. Always use HTTPS/SSL for your API requests — some APIs won't field your request if you're not using it.

How do I call one API from another API?

When an API is acting on behalf of a user and needs to call another API, the API must use OBO to acquire a delegated permission access token to call the Downstream API on behalf of the user. APIs should never use application permissions to call Downstream APIs when the API is acting on behalf of a user.

How do I send a request to an API?

After you specify the request protocol, method, and URL, add any other details required by the API you're sending the request to: Specify any parameters and body data or request headers you need to send with the request. Set up any required authentication and authorization.

Is API key basic auth?

You can pass the API key via Basic Auth as either the username or password. Most implementations pair the API key with a blank value for the unused field (username or password). You will need to base64-encode the `username:password` content, but most request libraries do this for you.

How do I authenticate API with token?

How API Tokens Work
  1. A user or application trying to connect with the API provides the token to the API server to authenticate their identity and access.
  2. The server reviews the token. If the token is valid, the API server grants the requested level of access.

How to generate API key?

Go to the Google Maps Platform > Credentials page. On the Credentials page, click Create credentials > API key. The API key created dialog displays your newly created API key.

Where should I put my API key?

Keep API keys isolated from the main code and away from the public eye by storing them in environment variables. Always keep API keys in safe key management solutions for storage. Make sure that the keys are encrypted both in transit and at rest. Rotate your API keys regularly to minimize exposure concerns.

How can I find my API key?

To find an API key, you usually need to visit the website or platform that offers the API you want to use. The process can vary depending on the specific API provider, but you typically need to sign up for an account, create a project or application, and then generate an API key within that project.

Should I give someone my API key?

The API key should never leave your control. Your API key should only ever be communicated between your server and OpenAI's server. If you ever send it to a client, it will, with near certainty, become compromised.

How do I verify my API key?

You can set up API key validation for an API by attaching a policy of type Verify API Key. The only required setting for a VerifyAPIKey policy is the expected location of the API key in the client request. The API proxy will check the location that you specify, and extract the API key.

How can I authenticate API requests?

To authenticate API requests, use basic authentication with your email address and password, your email address and an API token, or an OAuth access token. All methods of authentication set the authorization header differently. Credentials sent in the payload or URL are not processed.

Article information

Author: Dong Thiel
