Authentication via our REST API

You'll need to authenticate your requests to access any of the endpoints in the CARO API. In this guide, we'll look at how authentication works.

Obtain Authentication Details

To obtain a JWT Bearer Token that authenticates your requests to CARO, you first need your authentication details. You can find them by logging into your CARO instance and visiting the Settings section.

Obtain Bearer Token

Using the information obtained, you can now generate a JWT Bearer Token for use with our APIs.

Content-Type: application/json

{
  "audience": "<AUDIENCE>",
  "grant_type": "client_credentials",
  "client_id": "<CLIENT_ID>",
  "client_secret": "<CLIENT_SECRET>"
}


A successful authentication request results in a response like this:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "access_token": "eyJz93a...k4laUWw",
  "token_type": "Bearer",
  "expires_in": 86400
}

Example Request

Here's how to add the token to the request header using cURL:

Example request with bearer token

curl "<API_ENDPOINT_URL>" \
  -H "Authorization: Bearer {token}"

Always keep your token safe and reset it if you suspect it has been compromised.
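
The token request and the bearer header described above can be combined in a small client-side helper. This is an added example, not code from CARO: the class name `TokenCache`, the 60-second renewal margin and the token URL you pass in are assumptions, since this page does not show the token endpoint. It reuses one token until shortly before `expires_in` elapses, refuses to send the client secret over plain HTTP, and keeps the secret out of its `repr`.

```python
import json
import time
import urllib.request


class TokenCache:
    """Hypothetical helper: fetch a client-credentials token, reuse it until
    shortly before expires_in runs out, and build the Authorization header."""

    def __init__(self, token_url, audience, client_id, client_secret,
                 fetch=None, clock=time.monotonic, margin=60):
        self._url = token_url  # assumption: the token endpoint of your instance
        self._body = {"audience": audience, "grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret}
        self._fetch = fetch or self._http_post  # injectable for offline tests
        self._clock, self._margin = clock, margin
        self._token, self._expires_at = None, 0.0

    def _http_post(self, url, body):
        # The body carries the client secret, so refuse anything but HTTPS.
        if not url.startswith("https://"):
            raise ValueError("token URL must use https")
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def auth_header(self):
        """Return the request header, renewing the token only when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._fetch(self._url, self._body)
            if str(reply.get("token_type", "")).lower() != "bearer" \
                    or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            lifetime = max(int(reply.get("expires_in", 0)) - self._margin, 0)
            self._token = reply["access_token"]
            self._expires_at = self._clock() + lifetime
        return {"Authorization": f"Bearer {self._token}"}

    def invalidate(self):
        """Drop the cached token, e.g. after resetting a compromised one."""
        self._token, self._expires_at = None, 0.0

    def __repr__(self):
        # Keep the secret and the token out of logs and tracebacks.
        return f"TokenCache(url={self._url!r}, client_id={self._body['client_id']!r})"
```

Load the client ID and secret from environment variables or a secret store rather than hard-coding them, and pass the result of `auth_header()` as the headers of each API request.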