Create API tokens

Create API tokens when another system needs access to your subaccount data.

Written By Carrott Support

Last updated About 1 month ago

What API tokens are for

API tokens let external tools connect to Carrott. They are subaccount-specific and should only be shared with trusted systems.

Steps

  1. Open Settings.
  2. Go to API Tokens.
  3. Select Create Token.
  4. Add a clear token name.
  5. Choose the required permissions.
  6. Create the token.
  7. Copy the token and store it securely.

Important

The token is shown once. If you lose it, create a new token and revoke the old one.

Permissions

Choose only the permissions the integration needs.

Permission typeUse it for
Templates readReading card template information.
Customers readReading customer records.
Customers writeCreating or updating customers.
Customer cards readReading balances, membership status, or card records.
Customer cards writeUpdating customer card data.

Using the API

Send the token in the x-api-key header:

x-api-key: your_token_here

You can open the API reference from the API Tokens page.

Security tips

  • Use one token per integration.
  • Name tokens clearly, such as Website signup form or POS sync.
  • Revoke tokens that are no longer used.
  • Do not paste tokens into public docs, emails, or chat tools.