Working directly with the Karhoo APIs requires valid credentials (an API key or a username/password pair).
Contact Karhoo to gain full access to the platform.
There are two types of credentials that can be used with Karhoo APIs as an authorisation grant:
- API keys
- Username and Password
API keys are usually easier in utilisation and therefore should be the preferred choice for backend-to-backend integrations.
The prerequisite for using this authorisation grant is a valid Karhoo account (registered by a Karhoo representative). Once the account is created, the user can then login to the Partner Portal and issue an API Key, which can be used directly in API calls as an authorisation grant.
Log in to the Partner Portal using Sign in with email option.
Navigate to the API Keys and generate a new API key with a preferred access scope.
API Keys enable access to Karhoo endpoints when added to the
Authorization header with the
ApiKey auth scheme.
Authorization: ApiKey <issued-api-key>
Username and Password authentication is deprecated and will be removed on 01/01/2023. In case you are using this authentication method please contact Karhoo and switch to Api Keys.
The prerequisite for using this authorisation grant is a valid Karhoo account (registered by a Karhoo representative). The username and password can then be exchanged for an intermediary authorisation grant: an access token, which can be used directly in API calls.
When you are approved as a user, you will be provided with username and password credentials. Use them first to interact with the Auth API
/auth/token endpoint. A successful call to that service will respond with the following properties:
access_token- a JSON Web Token (JWTs)
expires_in- the length of time in seconds that the
refresh_token- to renew the
access_tokenbefore it expires
Access tokens enable access to Karhoo endpoints when added to the
Authorization header with the Bearer Token auth scheme.
Authorization: Bearer <issued-access-token>
See the code samples in the Karhoo API Explorer for guidance for how to correctly format working API requests.
These access tokens will expire after the number of seconds in the
expires_in time property value. When the
access_token expires, a new one is requested using the Refresh Access Token endpoint.
Access tokens enable access to Karhoo endpoints when adding it to the Authorization header as a Bearer Token . See the code samples in the Karhoo API Explorer for guidance for how to correctly format working API requests.
Updated about 1 year ago