Create your projects and apps using CARTO API keys credentials.

General Considerations

  • Regenerate a regular/master API Key if you suspect it has being compromised. A regenerated API Key grants the same permissions as before, but has a new code/token. Maps/apps using a regenerated API Key must be updated to adapt to that change, otherwise they will stop working.
  • Send always an API Key in your API requests
  • Issue a new regular API Key per map/app. Try to avoid sharing keys between maps/apps
  • Grant the least amount of necessary permissions per API Key
  • Use the Master API Key sparingly
  • Keep your Master API Key secret!
  • Do not overuse the Default Public API Key. It’s meant for obviously public Datasets.