The CARTO Maps API allows you to generate maps based on data hosted in your CARTO account.

General Concepts

The following concepts are the same for every endpoint in the API except when it’s noted explicitly.


By default, users do not have access to private tables in CARTO. In order to instantiate a map from private table data an API Key is required. Additionally, to include some endpoints, an API Key must be included (e.g. creating a Named Map).

To execute an authorized request, api_key=YOURAPIKEY should be added to the request URL. The param can be also passed as POST param. Using HTTPS is mandatory when you are performing requests that include your api_key.


Errors are reported using standard HTTP codes and extended information encoded in JSON with this format:

  "errors": [
    "access forbidden to table TABLE"

If you use JSONP, the 200 HTTP code is always returned so the JavaScript client can receive errors from the JSON object.

CORS Support

All the endpoints, which might be accessed using a web browser, add CORS headers and allow OPTIONS method.