API Keys

Caret uses API keys to authenticate requests. API keys are workspace-specific and provide full access to the associated workspace’s resources.

Creating an API Key

To create an API key:

  1. Log in to your Caret workspace
  2. Navigate to Workspace Settings > API & Integrations > API Keys
  3. Click “Create API Key”
  4. Enter a descriptive name for your API key
  5. Click “Create”
  6. Your API key will be displayed. Make sure to copy it immediately as it won’t be shown again.

API Key Format

Caret API keys have the following format:

caret_sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxx

Always keep your API keys secure and never share them in public repositories or client-side code.

Using API Keys

To authenticate a request, send your API key as a Bearer token in the Authorization header.

Authorization: Bearer caret_sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxx

Example Request

curl -X GET \
  https://api.caret.so/v1/notes \
  -H 'Authorization: Bearer caret_sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxx'

API Key Security

Here are some best practices for keeping your API keys secure:

  1. Never hardcode API keys: Store them in environment variables or a secure key management system.
  2. Rotate keys regularly: Create new API keys and deprecate old ones on a regular schedule.
  3. Use separate keys for different environments: Use different API keys for development, staging, and production.
  4. Restrict access: Limit which users in your organization can create and manage API keys.
  5. Monitor usage: Regularly review the usage of your API keys to detect any unusual activity.
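As an added example (not Caret's own tooling), the script below scans files for hardcoded keys using the `caret_sk_live_` prefix shown under API Key Format, so a key can be caught before it reaches a repository. It assumes the key body is 20 or more ASCII letters and digits, which this page does not specify; the function names and the `CARET_API_KEY` variable name are hypothetical.

```shell
#!/bin/sh
# Added example: scan files for hardcoded Caret live keys.
# Assumption: the body after the prefix is 20+ ASCII letters/digits
# (this page shows only a 26-character "x" placeholder).
KEY_RE='caret_sk_live_[A-Za-z0-9]{20,}'

# Print "file:line:caret_sk_live_<redacted>" for each hit in the given files.
# The all-"x" documentation placeholder is ignored.
# Returns 1 if a real-looking key was found, 0 otherwise.
scan_for_caret_keys() {
    hits=$(grep -EnoH -- "$KEY_RE" "$@" 2>/dev/null |
        grep -Ev ':caret_sk_live_x+$' |
        sed -E 's/caret_sk_live_.*$/caret_sk_live_<redacted>/')
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Run the scan over constructed sample files (none of these keys are real).
demo() {
    dir=$(mktemp -d) || return 1
    # Hardcoded key: should be reported.
    printf 'API_KEY = "caret_sk_live_%s"\n' 'A1b2C3d4E5f6G7h8I9j0K1l2M3' > "$dir/config.py"
    # Documentation placeholder: should be ignored.
    printf "curl -H 'Authorization: Bearer caret_sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxx'\n" > "$dir/README.md"
    # Key read from the environment (hypothetical variable name): clean.
    printf 'API_KEY = os.environ["CARET_API_KEY"]\n' > "$dir/app.py"
    status=0
    scan_for_caret_keys "$dir"/* || status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "hardcoded key found: a pre-commit hook would stop here"
```

In a Git pre-commit hook, pass the staged file paths to `scan_for_caret_keys` and abort the commit when it returns non-zero.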

Revoking API Keys

If an API key is compromised, you should revoke it immediately:

  1. Log in to your Caret workspace
  2. Navigate to Workspace Settings > API & Integrations > API Keys
  3. Find the API key you want to revoke
  4. Click “Revoke”
  5. Confirm the action

Once revoked, all requests using that API key will be rejected.
