Windshaft-cartodb/docs/general_concepts.md

# General Concepts

The following concepts are the same for every endpoint in the API except when it's noted explicitly.

## Auth

By default, users do not have access to private tables in CARTO. In order to instantiate a map from private table data an API Key is required. Additionally, to include some endpoints, an API Key must be included (e.g. creating a Named Map).

To execute an authorized request, `api_key=YOURAPIKEY` should be added to the request URL. The param can be also passed as POST param. Using HTTPS is mandatory when you are performing requests that include your `api_key`.

## Errors

Errors are reported using standard HTTP codes and extended information encoded in JSON with this format:

```javascript
{
  "errors": [
    "access forbidden to table TABLE"
  ]
}
```

If you use JSONP, the 200 HTTP code is always returned so the JavaScript client can receive errors from the JSON object.

## CORS support

All the endpoints, which might be accessed using a web browser, add CORS headers and allow OPTIONS method.
newdocs: fix titles 2015-10-22 21:02:01 +08:00			`# General Concepts`
newdocs: split files 2015-10-22 19:28:08 +08:00
			`The following concepts are the same for every endpoint in the API except when it's noted explicitly.`

newdocs: fix titles 2015-10-22 21:02:01 +08:00			`## Auth`
newdocs: split files 2015-10-22 19:28:08 +08:00
reverted rebranded coe, as instructed. Legacy cartodb code appears instead. Also applied ALL CAPS for rebranded name, as instructed 2016-06-01 01:40:41 +08:00			`By default, users do not have access to private tables in CARTO. In order to instantiate a map from private table data an API Key is required. Additionally, to include some endpoints, an API Key must be included (e.g. creating a Named Map).`
newdocs: split files 2015-10-22 19:28:08 +08:00
			To execute an authorized request, `api_key=YOURAPIKEY` should be added to the request URL. The param can be also passed as POST param. Using HTTPS is mandatory when you are performing requests that include your `api_key`.

newdocs: fix titles 2015-10-22 21:02:01 +08:00			`## Errors`
newdocs: split files 2015-10-22 19:28:08 +08:00
			`Errors are reported using standard HTTP codes and extended information encoded in JSON with this format:`

			```javascript
			`{`
			`"errors": [`
			`"access forbidden to table TABLE"`
			`]`
			`}`
			```

			`If you use JSONP, the 200 HTTP code is always returned so the JavaScript client can receive errors from the JSON object.`

newdocs: fix titles 2015-10-22 21:02:01 +08:00			`## CORS support`
newdocs: split files 2015-10-22 19:28:08 +08:00
			`All the endpoints, which might be accessed using a web browser, add CORS headers and allow OPTIONS method.`