Caret uses API keys to authenticate requests. Manage your keys in the Developer Settings page in your app.
Creating API Keys
Access Settings
Go to the Developer Settings section in your Caret workspace.
Generate Key
Click Create New API Key and give it a descriptive name.
Assign Scopes
Select specific permissions. We recommend following the principle of least
privilege.
Store Securely
Copy your key immediately. For security, it will not be shown again.
Your API keys carry significant privileges. Never share them in public
repositories or client-side code.
Usage
Include your API key in the X-API-Key HTTP header.
curl -X GET "https://api.caret.so/v1/me" \
-H "X-API-Key: your_api_key_here"
Scopes
Define the access level for each key by selecting these permissions:
| Scope | Description |
|---|
users | Read user info and manage workspace invites. |
notes | Read and write meeting notes and summaries. |
folders | Create, update, and delete workspace folders. |
templates | Manage meeting templates and AI configurations. |
Best Practices
- One Key Per Service: Use separate keys for different environments.
- Rotate Regularly: Regenerate keys periodically to minimize leak impact.
- Environment Variables: Never hardcode keys in your source files.
Errors
- 401 Unauthorized: Key is missing, invalid, or revoked.
- 403 Forbidden: Key is valid but lacks required permissions for the endpoint.
