You need to authenticate your requests to access any of the endpoints in our REST API.

Obtain Authentication Details

To obtain a JWT Bearer Token that authenticates you for requests to CARO, you need to access your authentication details. You can obtain these details in the Developer Tools section.

<aside> ℹ️

If the use of one client Secret:ID pair or one authentication token for all your VRS customers conflicts with your own architecture, do let us know, since we have no insights into your systems. In that case, we may need to reconsider certain design decisions at our end.

</aside>

Obtain Bearer Token

Bearer tokens have a validity of 24 h. In the absence of any further agreement with us, each client is limited to 150 tokens per 24 hour window. Please reuse each token until its expiry.

Using the information obtained, you can now generate a JWT Bearer Token for usage with our APIs.

Initial Request

POST <https://auth.caro.vc/oauth/token>
Content-Type: application/json
{
  "audience": "<AUDIENCE>",
  "grant_type": "client_credentials",
  "client_id": "<CLIENT_ID>",
  "client_secret": "<CLIENT_SECRET>"
}

Response

A successful authentication request results in a response like this.

HTTP/1.1 200 OK
Content-Type: application/json
{
  "access_token": "eyJz93a...k4laUWw",
  "token_type": "Bearer",
  "expires_in": 86400
}

Request with Token

Here is how to add the token to the request header using cURL.

curl <https://api.caro.vc/api/v1/> \\
  -H "Authorization: Bearer {token}"

<aside> ❗

Always keep your token safe and reset it if you suspect it has been compromised.

</aside>