Authentication #

How to authenticate via our REST API #

Obtaining Client Details and your Secret #

To obtain a JWT Bearer Token which authenticates you for requests to CARO, you need to access your authentication details. You can obtain these details by logging in to your CARO instance and visting the Dashboard. There you will find details like the host, client_id, client_secret and audience

CARO VRS Dashboard

Obtaining a token via Client Credentials #

Note that bearer tokens have a validity of 24 h. In the absence of any further agreement with us, each client is limited to 150 tokens per 24 hour window.

Using the information obtained from your CARO Dashboard you can now generate a JWT Bearer Token for usage with our APIs.

POST https://<HOST>/oauth/token
Content-Type: application/json
  "audience": "<AUDIENCE>",
  "grant_type": "client_credentials",
  "client_id": "<CLIENT_ID>",
  "client_secret": "<CLIENT_SECRET>"

Response #

A successful authentication request results in a response like this:

HTTP/1.1 200 OK
Content-Type: application/json
  "access_token": "eyJz93a...k4laUWw",
  "token_type": "Bearer",
  "expires_in": 86400