Managing Credentials

All requests to the CARTO APIs must be authenticated. When starting a project or building an application you can choose between three types of authentication strategies:

  • API Access Tokens

  • Single-Page Application (SPA) OAuth Clients

  • Machine-to-Machine (M2M) OAuth Clients

Which authentication strategy is the right one for my project?

We have covered this topic more in-depth including detailed explanations for each strategy and recommendations in the Authentication Methods section of our CARTO for Developers documentation.

However, if you just want to test things out and build a simple application with no authentication, you should create an API Access Token first.

This section allows you to seamlessly create, edit and manage API Access Tokens, SPA OAuth Clients, and M2M OAuth Clients. It also contains the current API Base URL that you should use in all your API calls. Learn more about the API Base URL.

Last updated

Was this helpful?