API Access Tokens

API Access Tokens

API Access Tokens are the simplest method of authorization for a developer or an application to use the CARTO APIs. API Access Tokens are permanent and they are NOT tied to a specific user's set of permissions.

These tokens can be restricted to:

  • Use only specific APIs

  • Access only specific data sources for specific connections

  • Be used only by specific websites

How to get an API Access Token

To create an API Access Token, go to your CARTO Workspace and navigate to the Developers section. To read more about this, check our article on how to create your first API Access Token.

When to use API Access Tokens

You should use API Access Tokens if you are:

  • Testing any of the data-related CARTO APIs (Maps, SQL, LDS, Imports)

  • Testing deck.gl and other integrations

  • Building a import script or an ETL

  • Building a public application (no login required) or sharing code

  • Building a private application using your own login where the security access levels can still be managed manually.

API Access Tokens can be managed programmatically (to build more complex setups) using a Machine-to-Machine application, a different authentication method.

Last updated