Every request to the Carto-Art API must include a bearer token. Tokens are bound to a Carto-Art account and inherit the role of the issuing user.
Issuing a key
Generate a key from the dashboard:
curl -X POST https://cartoart.net/api/v1/auth/keys \
-H "Authorization: Bearer $CARTO_ART_SESSION" \
-H "Content-Type: application/json" \
-d '{"name": "production-server"}'
The response includes a key field. Store this value immediately — it is only shown once.
Using the key
Pass the key in the Authorization header:
curl https://cartoart.net/api/v1/posters/generate \
-H "Authorization: Bearer ca_live_xxx" \
-H "Content-Type: application/json" \
-d '{"location": {"lat": 40.7128, "lng": -74.0060}, "style": "minimal"}'
Key scopes
Keys inherit the role of the issuing user. A free-tier user cannot exceed free-tier quotas even with a brand-new key.
Rotation
Rotate keys at least every 90 days. The dashboard shows the last_used_at timestamp for each key so you can spot stale ones.