Back to Docs
Tutorial 2

Every request to the Carto-Art API must include a bearer token. Tokens are bound to a Carto-Art account and inherit the role of the issuing user.

Issuing a key

Generate a key from the dashboard:

curl -X POST https://cartoart.net/api/v1/auth/keys \
  -H "Authorization: Bearer $CARTO_ART_SESSION" \
  -H "Content-Type: application/json" \
  -d '{"name": "production-server"}'

The response includes a key field. Store this value immediately — it is only shown once.

Using the key

Pass the key in the Authorization header:

curl https://cartoart.net/api/v1/posters/generate \
  -H "Authorization: Bearer ca_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{"location": {"lat": 40.7128, "lng": -74.0060}, "style": "minimal"}'

Key scopes

Keys inherit the role of the issuing user. A free-tier user cannot exceed free-tier quotas even with a brand-new key.

Rotation

Rotate keys at least every 90 days. The dashboard shows the last_used_at timestamp for each key so you can spot stale ones.