How to authenticate


Credentials Required

Working directly with the Karhoo APIs requires a valid username and password.
Contact Karhoo to gain full access to the platform.

Generate access tokens

When you are approved as a user, you will be provided with username and password credentials. Use them first to call the Auth API /auth/token endpoint. A successful call returns a response like:

  {
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik9UWXdPRVV3T0RGQk5VWkRPRGxFUlRWRU1VRkJPRUl5UTBRd05UY3pORGMzTWtReFFUSTNNdyJ9.eyJodHRwczovL2thcmhvby5jb20vYXBwX21ldGFkYXRhIjp7InZlcnNpbx4iOxIxXjxuMXIsIxVzxXxxxxxxxxxxaG9vXxxxxxxxxxxYTdxxxxxxxxxxi00NDExLWI5NzctMjgxMzc5OGE3YzExIiwiYXV0aDB",
    "expires_in": 86400,
    "refresh_token": "Xx9x9xXxxxxxXxXxaxXx9xxxxxxxXxXx-xXxxxxxXxXx9x"
  }

  • access_token is a Base64-encoded JSON Web Token (JWT)
  • expires_in is the length of time, in seconds, that the access_token is valid
  • refresh_token is used to renew the access_token before it expires

Use access tokens

An access token grants access to Karhoo endpoints when it is added to the Authorization header as a Bearer token. See the code samples in the Karhoo API Explorer for guidance on how to format working API requests correctly.

Refresh access tokens

An access token expires after the number of seconds given in the expires_in property. When the access_token expires, request a new one using the Refresh Access Token endpoint.
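
The token lifecycle described above, as an added example that is not Karhoo's own code: cache the token response, attach the access_token as a Bearer header, and renew it shortly before expires_in elapses. The fetch_token and refresh_token callables, the 60-second margin, the injected clock, and the use of PermissionError to signal a rejected refresh token are all assumptions; wire the callables to the /auth/token and Refresh Access Token endpoints as documented in the API Explorer.

```python
import time
from typing import Callable, Dict, Optional

TokenResponse = Dict[str, object]


class TokenCache:
    """Holds one token response and renews it before expires_in elapses."""

    def __init__(self,
                 fetch_token: Callable[[], TokenResponse],
                 refresh_token: Callable[[str], TokenResponse],
                 skew_seconds: int = 60,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch_token      # hypothetical: username/password call
        self._refresh = refresh_token  # hypothetical: refresh-endpoint call
        self._skew = skew_seconds      # assumed safety margin before expiry
        self._clock = clock            # monotonic: immune to wall-clock changes
        self._access: Optional[str] = None
        self._refresh_value: Optional[str] = None
        self._deadline = 0.0

    def _store(self, resp: TokenResponse) -> None:
        expires_in = int(resp["expires_in"])
        if expires_in <= 0:
            raise ValueError("expires_in must be positive")
        self._access = str(resp["access_token"])
        # Keep the previous refresh token if the response omits a new one.
        self._refresh_value = str(resp.get("refresh_token") or self._refresh_value or "") or None
        # Never let the margin consume more than half of a short lifetime.
        self._deadline = self._clock() + expires_in - min(self._skew, expires_in // 2)

    def access_token(self) -> str:
        if self._access is None or self._clock() >= self._deadline:
            if self._refresh_value:
                try:
                    self._store(self._refresh(self._refresh_value))
                except PermissionError:
                    # Assumed signal for a rejected refresh token: log in again.
                    self._refresh_value = None
                    self._store(self._fetch())
            else:
                self._store(self._fetch())
        return self._access

    def auth_header(self) -> Dict[str, str]:
        # Never log this value; the bearer token alone grants API access.
        return {"Authorization": f"Bearer {self.access_token()}"}
```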