What is a Bearer Token?
Like many modern web, applications, Karhoo APIs authenticate using Bearer Tokens.
Bearer Tokens are sent in the Authorization
header of HTTP requests, just like with Basic and Digest Auth. You can see the format and usage of the Bearer Token in the Karhoo API Explorer code samples like below:
'authorization: Bearer eyJraWQiOiI3MzQ4NDYwMDkiLCJ4NXQiOiJBT1hmUmRFVklIdjNMUWk1RGliSE9menQtbXMiLCJhbGciOiJSUzI1NiJ9.eyJqdGkxxxJQJDExMzlhZmU1LTk1ZjQtNGZhZC04MzE0LTc4ZGQxOTQ0ZjNiZiIsImRlbGVnYXRpb25JZCI6Ijk1YzdkMjYyLThkNGItNDM3MC1iYzhlLTUyMmNlNTYxOTdjMSIsImV4cCI6MTU3Njc5NjU0MSwibmJmIjoxNTc2Nzc0OTQxLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIGh0dHBzOi8va2FyaG9vLmNvbS9hcHBfbWV0YWRhdGEiLCJpc3MiOiJodHRwczovL2thcmhvby1zYW5kYm94LmV1LmF1dGgwLmNvbS8iLCJzdWIiOiJVWmF2N0xyV3Vfd1JWY216dC1CckNaeXQ4Mk1cdTAwM2QiLCJhdWQiOlsiaHR0cHM6Ly9yZXN0LnNhbmRib3gua2FyaG9vLmNvbSIsIndlYi1rYXJob28tZGV2cG9ydGFsIl0sImlhdCI6MTU3Njc3NDk0MSwicHVycG9zZSI6ImFjY2Vzc190b2tlbiIsImh0dHBzOi8va2FyaG9vLmNvbS9hcHBfbWV0YWRhdGEiOnsidXNlciI6xxxrYXJob29faWQiOiJVWmF2N0xyV3Vfd1JWY216dC1CckNaeXQ4Mk1cdTAwM2QiLCJhdXRoMF9pZCI6IiIsInByb2ZpbGUiOnsiZmlyc3RfbmFtZSI6IlBhdWwiLCJsYXN0X25hbWUiOiJOZW5kaWNrIiwiZW1haWwiOiJwYXVsLm5lbmRpY2tAa2FyaG9vLmNvbSIsInBob25lIjoiIiwibG9jYWxlIjoiZW4tR0IifSwicHJpbWFyeV9vcmdhbmlzYXRpb24iOiI1ZmM0ZjMzYi0yODMyLTQ2NmUtOTk0My04NzI4NTg5ZWY3MjciLCJvcmdhbmlzYXRpb25zIjp7IjVmYzRmMzNiLTI4MzItNDY2ZS05OTQzLTg3Mjg1ODllZjcyNyI6eyJuYW1lIjoiRGVmYXVsdE9yZ0Zvckthcmhvb0FwcFVzZXJzIiwicm9sZXMiOlsiVFJJUF9BRE1JTiIsIlVTRVIiLCJUUklQX0ZPTExPV19BQ0NFU1MiXX19fSwidmVyc2lvbiI6IjEuMCJ9fQ.lTK-m7vpckrLbSnJNHFd0XgpuCvsrVuV0g6jW5jPyF5jdbUHXppixj4tlI64BVEHuthjenPT5Wej756rkBdw9TCF5v2Bq740ZiZPnNmCCcIxAB-yepi8JFIkKIwpzcr3UCF4LR35D3voHxlBBYpIufPdJWdFEE45FANBec2hIG33mxUz1jRABx7lTZxpz7KOZzbuqBiTvLTIi20I1MYYmnKBVN_iqUwnZddEe5Yza4OoJxxxkOIcnuY0CuCUkKI7NAlKhxNd72cSBYY3OtGNCZkIeHKhTZ-dOyuOoUbKmm2_tywbPftXT91OfU2-PeXEPKYlXnAKfaRGt_aJnWzwA'
How this works
Bearers Token are generated by the Karhoo Auth API service. The Auth service:
- authenticates the user by checking that the supplied username and password are authentic
- ensures that the user belongs to the supplied organisation
- determines what permissions the user has on the platform
- generates and returns a valid Bearer Token in JWT format
Updated almost 5 years ago
What’s Next