<aside> ℹ️

The FAQ here are intended for CARO users and people who have already had some exposure to CARO. If you have just discovered CARO, you might find the introductory resources on our website helpful to get started.

</aside>

CARO usage

For how long are authentication tokens valid?

You can use the same Client ID and Client Secret to communicate with CARO when acting on behalf of each of your VRS customers.

Bearer tokens have a validity of 24 h. In the absence of any further agreement with us, each client is limited to 150 tokens per 24 hour window. Please reuse each token until its expiry.

<aside> ℹ️

If the use of one client Secret:ID pair or one authentication token for all your VRS customers conflicts with your own architecture, do let us know, since we have no insights into your systems. In that case, we may need to reconsider certain design decisions at our end.

</aside>

Why can I not see the client authentication details?

The Client ID and Client Secret can be found under Developer Tools.

Only users set up as Service Provider Developers are permitted to see this information. Ask a team member with that access permission to upgrade your role in Team Management.

What kind of results does the CARO search function return?

Our search returns fuzzy results. So, if you look for a specific corrUUID or DID, make sure to check the returned result, as the search may have found something that is highly similar if there is no exact match.

VRS set-up

How do I connect a VRS customer in my system to CARO?

To enhance your customers’ VRS messages with CARO’s ATP credentials, there are 2 levels of connection you need to implement.

  1. Connect VRS to CARO = Service provider connection
  2. Connect VRS and CARO for an individual customer = Customer connection

Service provider connection

  1. You need the Client ID & Client Secret to connect your VRS to CARO to be able to do anything. These have nothing to do with your customers. The system is the client.
  2. These details will enable you to get a bearer token, which authenticates your system to CARO. (Note that this token is not a DID.)
    1. 🔖 For details, refer to API Authentication.
  3. You can find the required details in the Developer Tools section. Only users who are Service Provider Developers can see the authentication details. You can manage users in Team Management.
    1. Make sure to switch to the correct CARO account before on-/off-boarding people.

Customer connection

  1. To connect a customer's VRS account in your system to their account in CARO, you need their DID.
    1. While we cannot provide any advice specifically for your system, a key task you need to perform is to link the customer identifiers between our two systems. Your customer's unique identifier related to CARO is their Enterprise Identifier (aka DID). You will need to map this identifier to the GLN your customer wants to use for VRS-facilitated interactions. If applicable, you may also want to connect the DID to another customer ID used in your system.