Skip to main content
POST
/
auth
/
api
Authenticate API client
curl --request POST \
  --url https://api-stage.karmacheck.io/auth/api \
  --header 'Content-Type: application/json' \
  --data '
{
  "apiKey": "03c703eb-56cc-46f6-bb63-afb3e302d1bf",
  "clientAccessToken": "ffb3c8ee-412d-43e5-975a-355e3cc54cf9"
}
'
{
  "id": "<string>",
  "username": "<string>",
  "token": "<string>",
  "groupProfileId": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://developer.karmacheck.com/llms.txt

Use this file to discover all available pages before exploring further.

Body

application/json
apiKey
string
required

A unique key that identifies the partner in the KarmaCheck system. If you are building an API integration with KarmaCheck, contact your Account Manager for an apiKey. Whether you are creating an integration for your own company's use, for ordering checks on behalf of mutual customers of yourself and KarmaCheck, or for both, you will receive one apiKey.

clientAccessToken
string
required

A secret that grants an API partner access to a specific group of a company. The combination of an apiKey and a clientAccessToken generates a token for that group. If you're building an integration to order checks for:

  • Your own company: Contact your Account Manager to get a clientAccessToken for each group you wish to order checks for over the API.
  • A mutual customer: Contact that mutual customer for them to give you clientAccessTokens associated with your apiKey.

Response

OK

id
string
required

The unique identifier of the client. This is the same as the JWT ID (jti property) of the token.

username
string
required

The KarmaCheck username of the client. When this endpoint is first called for a particular combination of an apiKey and a clientAccessToken, a client user is created in the KarmaCheck system whose permissions are scoped to the corresponding group. A randomized username with api in the name is generated to make it clear that actions were taken by an API client instead of a user of the enterprise dashboard.

token
string
required

A JSON Web Token (JWT) that can be used to perform actions like ordering checks and getting results for a group of a company. Does not expire, but can be revoked upon request or at KarmaCheck's discretion.

groupProfileId
string
required

The ID of the group of the company that the token can access.