How to authenticate
Credentials Required
Working directly with the Karhoo APIs requires a valid username and password.
Contact Karhoo to gain full access to the platform.For the Sandbox environment, you can auto-generate access credentials by doing 'xyz' to try out the platform. For Production access please contact Karhoo.
Generate access tokens
When you are approved as a user, you will be provided with username and password credentials. Use them first to interact with the Auth API /auth/token
endpoint. A successful call to that service will respond with something like:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik9UWXdPRVV3T0RGQk5VWkRPRGxFUlRWRU1VRkJPRUl5UTBRd05UY3pORGMzTWtReFFUSTNNdyJ9.eyJodHRwczovL2thcmhvby5jb20vYXBwX21ldGFkYXRhIjp7InZlcnNpbx4iOxIxXjxuMXIsIxVzxXxxxxxxxxxxaG9vXxxxxxxxxxxYTdxxxxxxxxxxi00NDExLWI5NzctMjgxMzc5OGE3YzExIiwiYXV0aDB",
"expires_in": 86400,
"refresh_token": "Xx9x9xXxxxxxXxXxaxXx9xxxxxxxXxXx-xXxxxxxXxXx9x"
}
access_token
is a Base64 encoded JSON Web Token (JWTs)expires_in
is the length of time in seconds that theaccess_token
is validrefresh_token
is to renew theaccess_token
before it expires
Use access tokens
Access tokens enable access to Karhoo endpoints when adding it to the Authorization header as a Bearer Token . See the code samples in the Karhoo API Explorer for guidance for how to correctly format working API requests.
Refresh access tokens
These access tokens will expire after the number of seconds in the expires_in time
property value. When the access_token
expires, a new one is requested using the Refresh Access Token endpoint.
Updated over 4 years ago