General Introduction

CARO supports trading partners using a Verification Routing Service (VRS) for Product Identifier Verifications to comply with U.S. Drug Supply Chain Security Act (DSCSA) requirements for Authorized Trading Partners (ATP). To increase patient safety, the DSCSA postulates that pharmaceutical supply chain actors are only permitted to interact with trading partners that are authorized. Manufacturers and repackagers are authorized when they hold a valid FDA registration; wholesalers, third-party logistics providers (3PL), and dispensers require a State-issued license (refer to FDA guidance). Watch this FDA video for an introduction to the topic.

An ATP check on both sides is, for example, required for the verification of saleable returns or suspicious products. A wholesaler or dispenser would use their VRS to route the verification request to the original manufacturer. The manufacturer needs to identify the requester and verify the ATP status before sending a response with the product details. The identification and verification of the authorized status is also required when the requester receives a response from the manufacturer. Hence, both the requester and responder need mechanisms in place to ensure that the other side is an ATP.

Getting started for Service Providers

To get started, you need to access your authentication details. You can obtain these details by logging into CARO and open your Service Provider settings. After obtaining your API key, go to the Authentication section to learn how to authenticate your requests and go from there.



Learn how to authenticate your CARO API requests.

Read more


Read about the different types of errors returned by the CARO API.

Read more


Takes you through the CARO app and further relevant explanations.

Read more

Essential Concepts

Background knowledge on terminology used in our documentation and app.

Read more

Load Testing Considerations

Things to consider when performing load tests

Read more



Learn about the VRS endpoints and how to use them

Credential Issuer

Learn about the Credential Issuer Endpoints and how to use them