Authenticate API client
Authenticates an API client with KarmaCheck so that they can access the KarmaCheck system.
Body
A unique key that identifies the partner in the KarmaCheck system. If you are building an API integration with KarmaCheck, contact your Account Manager for an apiKey. Whether you are creating an integration for your own company's use, for ordering checks on behalf of mutual customers of yourself and KarmaCheck, or for both, you will receive one apiKey.
A secret that grants an API partner access to a specific group of a company. The combination of an apiKey and a clientAccessToken generates a token for that group. If you're building an integration to order checks for:
- Your own company: Contact your Account Manager to get a
clientAccessTokenfor each group you wish to order checks for over the API. - A mutual customer: Contact that mutual customer for them to give you
clientAccessTokens associated with yourapiKey.
Response
OK
The unique identifier of the client. This is the same as the JWT ID (jti property) of the token.
The KarmaCheck username of the client. When this endpoint is first called for a particular combination of an apiKey and a clientAccessToken, a client user is created in the KarmaCheck system whose permissions are scoped to the corresponding group. A randomized username with api in the name is generated to make it clear that actions were taken by an API client instead of a user of the enterprise dashboard.
A JSON Web Token (JWT) that can be used to perform actions like ordering checks and getting results for a group of a company. Does not expire, but can be revoked upon request or at KarmaCheck's discretion.
The ID of the group of the company that the token can access.