What is a Bearer Token?

Like many modern web applications, Karhoo APIs authenticate using Bearer Tokens.

Bearer Tokens are sent in the Authorization header of HTTP requests, just as with Basic and Digest Auth. You can see the format and usage of a Bearer Token in the Karhoo API Explorer code samples, for example:

'authorization: Bearer eyJraWQiOiI3MzQ4NDYwMDkiLCJ4NXQiOiJBT1hmUmRFVklIdjNMUWk1RGliSE9menQtbXMiLCJhbGciOiJSUzI1NiJ9.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.lTK-m7vpckrLbSnJNHFd0XgpuCvsrVuV0g6jW5jPyF5jdbUHXppixj4tlI64BVEHuthjenPT5Wej756rkBdw9TCF5v2Bq740ZiZPnNmCCcIxAB-yepi8JFIkKIwpzcr3UCF4LR35D3voHxlBBYpIufPdJWdFEE45FANBec2hIG33mxUz1jRABx7lTZxpz7KOZzbuqBiTvLTIi20I1MYYmnKBVN_iqUwnZddEe5Yza4OoJxxxkOIcnuY0CuCUkKI7NAlKhxNd72cSBYY3OtGNCZkIeHKhTZ-dOyuOoUbKmm2_tywbPftXT91OfU2-PeXEPKYlXnAKfaRGt_aJnWzwA'

How this works

Bearer Tokens are generated by the Karhoo Auth API service. The Auth service:

  • authenticates the user by checking that the supplied username and password are valid
  • ensures that the user belongs to the supplied organisation
  • determines what permissions the user has on the platform
  • generates and returns a valid Bearer Token in JWT format
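The four steps above and the header format from the code sample, as an added example that is not Karhoo's own code: a minimal token issuer and a resource-side verifier using only Python's standard library. It signs with HS256 and a constructed shared secret for self-containment (the sample token's header specifies RS256, which needs a key pair), and the user store, secret and organisation names are constructed stand-ins.

```python
import base64, hashlib, hmac, json, time

# Constructed stand-ins for the Auth service's signing key and user store (hypothetical).
SECRET = b"constructed-demo-secret"
USERS = {"alice": {"password": "s3cret", "org": "acme", "permissions": ["bookings:read"]}}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(username, password, organisation, ttl=3600, now=None):
    """The Auth service's four steps: credentials, organisation, permissions, then a signed JWT."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        raise PermissionError("bad credentials")
    if user["org"] != organisation:
        raise PermissionError("user does not belong to that organisation")
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": username, "org": organisation, "permissions": user["permissions"],
              "iat": now, "exp": now + ttl}
    signing_input = ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, claims))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_bearer(authorization_header, now=None):
    """Validate 'Authorization: Bearer <jwt>' as a resource server would; return claims or None."""
    scheme, _, token = authorization_header.strip().partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
        # Pin the algorithm: the token must not get to choose how it is verified (e.g. "none").
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(parts[2])):
            return None
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # malformed base64 or JSON
        return None
    now = int(time.time() if now is None else now)
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims
```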