Create your projects and apps using CARTO API keys credentials.
This component is still under support but it will not be further developed. We don’t recommend starting new projects with it as it will eventually become deprecated. Instead, learn more about our new APIs here
Regenerate a regular/master API Key if you suspect it has being compromised. A regenerated API Key grants the same permissions as before, but has a new code/token. Maps/apps using a regenerated API Key must be updated to adapt to that change, otherwise they will stop working.
Send always an API Key in your API requests
Issue a new regular API Key per map/app. Try to avoid sharing keys between maps/apps
Grant the least amount of necessary permissions per API Key
Use the Master API Key sparingly
Keep your Master API Key secret!
Do not overuse the Default Public API Key. It’s meant for obviously public Datasets.