Caro logo

Authentication via our REST API

You'll need to authenticate your requests to access any of the endpoints in the CARO API. In this guide, we'll look at how authentication works

Obtain Authentication Details

To obtain a JWT Bearer Token which authenticates you for requests to CARO, you need to access your authentication details. You can obtain these details by logging into your CARO instance and visting the Settings section.

Obtain Bearer Token

Note that bearer tokens have a validity of 24 h. In the absence of any further agreement with us, each client is limited to 150 tokens per 24 hour window.

Using the information obtained, you can now generate a JWT Bearer Token for usage with our APIs.

POST https://auth.caro.vc/oauth/token
Content-Type: application/json
{
  "audience": "<AUDIENCE>",
  "grant_type": "client_credentials",
  "client_id": "<CLIENT_ID>",
  "client_secret": "<CLIENT_SECRET>"
}

Response

A successful authentication request results in a response like this:

HTTP/1.1 200 OK
Content-Type: application/json
{
  "access_token": "eyJz93a...k4laUWw",
  "token_type": "Bearer",
  "expires_in": 86400
}

Example Request

Here's how to add the token to the request header using cURL:

Example request with bearer token

curl https://api.caro.vc/api/v1/ \
  -H "Authorization: Bearer {token}"

Always keep your token safe and reset it if you suspect it has been compromised.