
Authentication

Create API keys, scope them to libraries, and authenticate every request.

Every request to the Raster API is authenticated with an API key. Keys are created per organization and can be scoped to grant access only to the libraries you choose.

API keys

A public, read-capable API key lets external applications reach permitted libraries through the Raster API. You manage keys in each organization's settings, where you can:

  1. Create a key when you need one.
  2. Scope it by enabling access only to specific libraries.
  3. Regenerate it if it is ever exposed.
  4. Delete it when it is no longer needed.

Creating a key

Open organization settings

Go to Organization name → Settings in the Raster app.

Generate a new key

In the API keys section, generate a new key. Copy it immediately — for security, the full key is shown only once.

Grant library access

Enable Read access for every library the key should reach. Add Write access if the key will upload or delete assets. Save your changes.

Treat API keys like passwords. Never commit them to source control or expose them in client-side code. If a key leaks, regenerate it immediately — the old value stops working at once.

Access levels

Each key carries a per-library access level. Operations check this level before running:

Level | Grants
Read  | Run queries — assets, libraries, tags.
Write | Run mutations — uploadAssets, deleteAssets. Includes read.

A request that targets a library the key cannot reach fails with an UNAUTHORIZED error.

Authenticating a request

Send your key as a bearer token in the Authorization header:

Authorization: Bearer pk_4eC39HqLH3U46nipzJ6ixhzdp7dc42Sf

A complete request looks like this:

Terminal
curl --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer <API_KEY>' \
  --url 'https://api.raster.app/' \
  --data '{"query": "query { libraries(organizationId: \"monogram-labs\") { id name } }"}'

Requirements

  • HTTPS only. Requests over plain HTTP are rejected.
  • Authentication required. Requests without a valid key are rejected.
  • Scope matters. The key must have the right access level for every library it touches.
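
As an added example (not part of Raster's documentation or code), here is a server-side Python client that applies the rules above: the key is read from an environment variable, sent as a bearer token only to an HTTPS URL, and an UNAUTHORIZED error is raised as an exception. The variable name RASTER_API_KEY, the helper names, and the shape of the GraphQL error object are assumptions.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

API_URL = "https://api.raster.app/"  # endpoint from the curl example above


class RasterAuthError(Exception):
    """The API reported UNAUTHORIZED for this key."""


def load_key(env=os.environ, var="RASTER_API_KEY"):
    # Assumption: the key is injected through an environment variable (the
    # name is hypothetical), keeping it out of source control.
    key = env.get(var, "").strip()
    if not key:
        raise RuntimeError(f"{var} is not set")
    return key


def redact(key):
    # Log-safe form: a short prefix identifies the key without revealing it.
    return key[:5] + "..."


def build_request(query, key, url=API_URL):
    # Refuse non-HTTPS URLs locally, so the key is never sent in cleartext.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    headers = {"Content-Type": "application/json",
               "Authorization": f"Bearer {key}"}
    body = json.dumps({"query": query}).encode()
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def check_response(payload):
    # Assumption: errors arrive in the usual GraphQL "errors" list, with
    # UNAUTHORIZED in extensions.code or in the message text.
    for err in payload.get("errors") or []:
        code = (err.get("extensions") or {}).get("code", "")
        if code == "UNAUTHORIZED" or "UNAUTHORIZED" in str(err.get("message", "")):
            raise RasterAuthError("UNAUTHORIZED: check the key and its library access")
    return payload.get("data")


def run_query(query, key, url=API_URL):
    with urllib.request.urlopen(build_request(query, key, url), timeout=10) as resp:
        return check_response(json.load(resp))
```

Call run_query(query, load_key()) from backend code only, and pass keys through redact() before writing them to logs.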
