Create your projects and apps using CARTO API keys credentials.

This component is still under support but it will not be further developed. We don’t recommend starting new projects with it as it will eventually become deprecated. Instead, learn more about our new APIs here

General Considerations

  • Regenerate a regular/master API Key if you suspect it has being compromised. A regenerated API Key grants the same permissions as before, but has a new code/token. Maps/apps using a regenerated API Key must be updated to adapt to that change, otherwise they will stop working.
  • Send always an API Key in your API requests
  • Issue a new regular API Key per map/app. Try to avoid sharing keys between maps/apps
  • Grant the least amount of necessary permissions per API Key
  • Use the Master API Key sparingly
  • Keep your Master API Key secret!
  • Do not overuse the Default Public API Key. It’s meant for obviously public Datasets.