Auth API - How to send api keys — Documentation — CARTO (2024)

Table of Contents
How to send API Keys HTTP Basic Authentication Query string/Request body parameter FAQs

How to send API Keys

A CARTO API Key is physically a token/code of 12+ random alphanumeric characters.

You can pass in the API Key to our APIs either by using the HTTP Basic authentication header or by sending an api_key parameter via the query string or request body.

Tip: If you use our client library CARTO.js, you only need to follow the authorization section and we will handle API Keys automatically for you.

The examples shown to illustrate the different methods of how to send API Keys use the following parameters:

See Also
How to Get Your Binance API Keys and Use Them [Full Guide]Private Key | Binance AcademyAPI key authentication

123
- user: username - API Key: 1234567890123456789012345678901234567890 - API endpoint: https://username.carto.com/endpoint/

HTTP Basic Authentication

Basic Access Authentication is the simplest technique of handling access control and authorization in a standardized way. It consists essentially of an HTTP Authorization Basic header followed by the user credentials (username and password) encoded using base64.

If that looks complicated to you, don’t worry. Most client software provide simple mechanisms to use HTTP Basic Authentication, like curl, Request (JavaScript) and Requests (Python).

For requests to CARTO’s APIs, take the API Key as the password, and the username as the user who issued that API Key.

Examples:

Curl
123
curl -X GET \ 'https://username.carto.com/endpoint/' \ -H 'authorization: Basic dXNlcm5hbWU6MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MA=='
Request (JavaScript)
123456
request.get('https://username.carto.com/endpoint/', { 'auth': { 'user': 'username', 'pass': 1234567890123456789012345678901234567890 }});
Requests (Python)
1
r = requests.get('https://username.carto.com/endpoint/', auth=(username, 1234567890123456789012345678901234567890))

Query string/Request body parameter

Alternatively, you can use an URL query string parameter or a field in the request body. In both cases, the name of the parameter is api_key.

Examples:

1
curl -X GET 'https://username.carto.com/endpoint/?api_key=1234567890123456789012345678901234567890'
123456
curl -X POST \ 'https://username.carto.com/endpoint/' \ -H 'content-type: application/json' \ -d '{"api_key": "1234567890123456789012345678901234567890" }'

If, for some mysterious reason, you submit the API Key with more than one of the available methods, the order of precedence is as follows:

  1. HTTP Basic Authentication header
  2. URL query string parameter
  3. Request body field

Likewise, for security reasons and future-proofing, we recommend that you use that same order when choosing a method for sending the API Key. In other words, favour the use of HTTP Basic Authentication over the URL query string, and try to avoid the body field. We support this method just for backwards compatibility.

Auth API - How to send api keys — Documentation — CARTO (2024)

FAQs

How to authenticate with API key? ›

To use an API that requires key-based authentication, the user or application includes the API key as a parameter in the request, typically as a query parameter or in a header. The API provider verifies the key and then allows or denies access to the API based on the user's permissions and the API's usage limits.

Read On
How to call API with API key? ›

How to Make API calls
  1. Find the URI of the external server or program.
  2. Add an HTTP verb.
  3. Include a header.
  4. Include an API key or access token.
  5. Wait for the response.
Sep 20, 2021

Discover More Details
What is the difference between API key and auth token? ›

The main distinction between these two is: API keys identify the calling project — the application or site — making the call to an API. Authentication tokens identify a user — the person — that is using the app or site.

Continue Reading
What are API keys used for? ›

An application programming interface (API) key is a code used to identify and authenticate an application or user. API keys are available through platforms, such as a white-labeled internal marketplace. They also act as a unique identifier and provide a secret token for authentication purposes.

See Details
How do I pass API authentication? ›

In API key authentication, the API provider assigns a unique key to each client accessing the API. The client needs to include their API key as part of the request to authenticate themselves. The API key can be included anywhere in the request, such as the header, body, or query parameters.

Find Out More
How to pass an API key? ›

When authenticating with an API key, you don't need to reference your account credentials. Instead, you pass the API key in the HTTP header of your authentication request. Each organization can have up to 20 API keys. API keys are associated with an organization and not individual users.

Tell Me More
Which is the most secure method to transmit an API key? ›

Don't share API keys through email. Always use HTTPS/SSL for your API requests — some APIs won't field your request if you're not using it.

Show Me More
How do I call one API from another API? ›

When an API is acting on behalf of a user and needs to call another API, the API must use OBO to acquire a delegated permission access token to call the Downstream API on behalf of the user. APIs should never use application permissions to call Downstream APIs when the API is acting on behalf of a user.

Explore More
How do I send a request to an API? ›

After you specify the request protocol, method, and URL, add any other details required by the API you're sending the request to: Specify any parameters and body data or request headers you need to send with the request. Set up any required authentication and authorization.

Continue Reading
Is API key basic auth? ›

You can pass the API key via Basic Auth as either the username or password. Most implementations pair the API key with a blank value for the unused field (username or password). You will need to base64-encode the `username:password` content, but most request libraries do this for you.

Show Me More

How do I authenticate API with token? ›

How API Tokens Work
  1. A user or application trying to connect with the API provides the token to the API server to authenticate their identity and access.
  2. The server reviews the token. If the token is valid, the API server grants the requested level of access.

Read The Full Story
How to generate API key? ›

Go to the Google Maps Platform > Credentials page. On the Credentials page, click Create credentials > API key. The API key created dialog displays your newly created API key.

See Details
Where should I put my API key? ›

Keep API keys isolated from the main code and away from the public eye by storing them in environmental variables. Always keep API keys in safe key management solutions for storage. Make sure that the keys are encrypted both in transit and at rest. Alternate your API keys regularly to minimize exposure concerns.

Get More Info Here
How can I find my API key? ›

To find an API key, you usually need to visit the website or platform that offers the API you want to use. The process can vary depending on the specific API provider, but you typically need to sign up for an account, create a project or application, and then generate an API key within that project.

Continue Reading
Should I give someone my API key? ›

The API key should never leave your control. Your API key should only ever be communicated between your server and OpenAI's server. If you ever send it to a client it will, with near-certainty become compromised.

View More
How do I verify my API key? ›

You can set up API key validation for an API by attaching a policy of type Verify API Key. The only required setting for a VerifyAPIKey policy is the expected location of the API key in the client request. The API proxy will check the location that you specify, and extract the API key.

View Details
How can I authenticate API requests? ›

To authenticate API requests, use basic authentication with your email address and password, your email address and an API token, or an OAuth access token. All methods of authentication set the authorization header differently. Credentials sent in the payload or URL are not processed.

See More
Top Articles
How to Read Market Psychology: Key points that every trader should know
Rare 50p coin fetches £2,500 at auction - see the Royal Mint's rarest coins
Navicent Human Resources Phone Number
Body Rubs Austin Texas
GAY (and stinky) DOGS [scat] by Entomb
Tlc Africa Deaths 2021
Music Archives | Hotel Grand Bach - Hotel GrandBach
Herbalism Guide Tbc
Zürich Stadion Letzigrund detailed interactive seating plan with seat & row numbers | Sitzplan Saalplan with Sitzplatz & Reihen Nummerierung
800-695-2780
Cinebarre Drink Menu
Straight Talk Phones With 7 Inch Screen
Walmart stores in 6 states no longer provide single-use bags at checkout: Which states are next?
2020 Military Pay Charts – Officer & Enlisted Pay Scales (3.1% Raise)
Allentown Craigslist Heavy Equipment
Viha Email Login
Bible Gateway passage: Revelation 3 - New Living Translation
At&T Outage Today 2022 Map
Kirk Franklin Mother Debra Jones Age
Churchill Downs Racing Entries
Cfv Mychart
Kaliii - Area Codes Lyrics
Till The End Of The Moon Ep 13 Eng Sub
Gncc Live Timing And Scoring
Frequently Asked Questions - Hy-Vee PERKS
Utexas Baseball Schedule 2023
Wake County Court Records | NorthCarolinaCourtRecords.us
Where Can I Cash A Huntington National Bank Check
Kaiju Paradise Crafting Recipes
Jr Miss Naturist Pageant
10 Most Ridiculously Expensive Haircuts Of All Time in 2024 - Financesonline.com
Skip The Games Ventura
Directions To 401 East Chestnut Street Louisville Kentucky
Sephora Planet Hollywood
The Boogeyman Showtimes Near Surf Cinemas
The Syracuse Journal-Democrat from Syracuse, Nebraska
Dynavax Technologies Corp (DVAX)
Dmitri Wartranslated
Gun Mayhem Watchdocumentaries
Suffix With Pent Crossword Clue
Gfs Ordering Online
Gym Assistant Manager Salary
Best GoMovies Alternatives
Promo Code Blackout Bingo 2023
Vérificateur De Billet Loto-Québec
Dontrell Nelson - 2016 - Football - University of Memphis Athletics
The Complete Uber Eats Delivery Driver Guide:
Displacer Cub – 5th Edition SRD
Benjamin Franklin - Printer, Junto, Experiments on Electricity
Google Flights Missoula
Gelato 47 Allbud
Latest Posts
Sustainable eating is cheaper and healthier - Oxford study |
How long is Bee Simulator? | HowLongToBeat
Article information

Author: Dong Thiel

Last Updated:

Views: 5739

Rating: 4.9 / 5 (79 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Dong Thiel

Birthday: 2001-07-14

Address: 2865 Kasha Unions, West Corrinne, AK 05708-1071

Phone: +3512198379449

Job: Design Planner

Hobby: Graffiti, Foreign language learning, Gambling, Metalworking, Rowing, Sculling, Sewing

Introduction: My name is Dong Thiel, I am a brainy, happy, tasty, lively, splendid, talented, cooperative person who loves writing and wants to share my knowledge and understanding with you.