Karhoo for Developers | Mobility Exchange API and SDK reference

What is a Bearer Token?

Like many modern web, applications, Karhoo APIs authenticate using Bearer Tokens.

Bearer Tokens are sent in the Authorization header of HTTP requests, just like with Basic and Digest Auth. You can see the format and usage of the Bearer Token in the Karhoo API Explorer code samples like below:

'authorization: Bearer eyJraWQiOiI3MzQ4NDYwMDkiLCJ4NXQiOiJBT1hmUmRFVklIdjNMUWk1RGliSE9menQtbXMiLCJhbGciOiJSUzI1NiJ9.eyJqdGkxxxJQJDExMzlhZmU1LTk1ZjQtNGZhZC04MzE0LTc4ZGQxOTQ0ZjNiZiIsImRlbGVnYXRpb25JZCI6Ijk1YzdkMjYyLThkNGItNDM3MC1iYzhlLTUyMmNlNTYxOTdjMSIsImV4cCI6MTU3Njc5NjU0MSwibmJmIjoxNTc2Nzc0OTQxLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIGh0dHBzOi8va2FyaG9vLmNvbS9hcHBfbWV0YWRhdGEiLCJpc3MiOiJodHRwczovL2thcmhvby1zYW5kYm94LmV1LmF1dGgwLmNvbS8iLCJzdWIiOiJVWmF2N0xyV3Vfd1JWY216dC1CckNaeXQ4Mk1cdTAwM2QiLCJhdWQiOlsiaHR0cHM6Ly9yZXN0LnNhbmRib3gua2FyaG9vLmNvbSIsIndlYi1rYXJob28tZGV2cG9ydGFsIl0sImlhdCI6MTU3Njc3NDk0MSwicHVycG9zZSI6ImFjY2Vzc190b2tlbiIsImh0dHBzOi8va2FyaG9vLmNvbS9hcHBfbWV0YWRhdGEiOnsidXNlciI6xxxrYXJob29faWQiOiJVWmF2N0xyV3Vfd1JWY216dC1CckNaeXQ4Mk1cdTAwM2QiLCJhdXRoMF9pZCI6IiIsInByb2ZpbGUiOnsiZmlyc3RfbmFtZSI6IlBhdWwiLCJsYXN0X25hbWUiOiJOZW5kaWNrIiwiZW1haWwiOiJwYXVsLm5lbmRpY2tAa2FyaG9vLmNvbSIsInBob25lIjoiIiwibG9jYWxlIjoiZW4tR0IifSwicHJpbWFyeV9vcmdhbmlzYXRpb24iOiI1ZmM0ZjMzYi0yODMyLTQ2NmUtOTk0My04NzI4NTg5ZWY3MjciLCJvcmdhbmlzYXRpb25zIjp7IjVmYzRmMzNiLTI4MzItNDY2ZS05OTQzLTg3Mjg1ODllZjcyNyI6eyJuYW1lIjoiRGVmYXVsdE9yZ0Zvckthcmhvb0FwcFVzZXJzIiwicm9sZXMiOlsiVFJJUF9BRE1JTiIsIlVTRVIiLCJUUklQX0ZPTExPV19BQ0NFU1MiXX19fSwidmVyc2lvbiI6IjEuMCJ9fQ.lTK-m7vpckrLbSnJNHFd0XgpuCvsrVuV0g6jW5jPyF5jdbUHXppixj4tlI64BVEHuthjenPT5Wej756rkBdw9TCF5v2Bq740ZiZPnNmCCcIxAB-yepi8JFIkKIwpzcr3UCF4LR35D3voHxlBBYpIufPdJWdFEE45FANBec2hIG33mxUz1jRABx7lTZxpz7KOZzbuqBiTvLTIi20I1MYYmnKBVN_iqUwnZddEe5Yza4OoJxxxkOIcnuY0CuCUkKI7NAlKhxNd72cSBYY3OtGNCZkIeHKhTZ-dOyuOoUbKmm2_tywbPftXT91OfU2-PeXEPKYlXnAKfaRGt_aJnWzwA' 

How this works

Bearers Token are generated by the Karhoo Auth API service. The Auth service:

  • authenticates the user by checking that the supplied username and password are authentic
  • ensures that the user belongs to the supplied organisation
  • determines what permissions the user has on the platform
  • generates and returns a valid Bearer Token in JWT format

Updated 3 months ago


What is a Bearer Token?


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.