> ## Documentation Index
> Fetch the complete documentation index at: https://developer.karmacheck.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API basics

> An overview of the KarmaCheck REST API structure, endpoints, and request headers.

The KarmaCheck API is a background check service that follows REST conventions. The API provides resources and actions at specified HTTPS endpoints, uses standard HTTP methods and response codes, and accepts and returns JSON in requests and responses.

You have multiple options for testing the KarmaCheck API:

* Try out each endpoint in the interactive [API reference](/api-reference/authentication/authenticate-api-client) documentation.
* Export the OpenAPI Specification file from the API reference documentation and import the file into an API client, such as Postman.

All API requests must be made over HTTPS. Calls made over plain HTTP or without valid authentication will be refused.

## Endpoints

A KarmaCheck endpoint consists of the following:

* **The base URL:** The production API is hosted at `https://api.karmacheck.io`. For sandbox testing, the base URL is `https://api-stage.karmacheck.io`.
* **A resource path:** The API is organized around resources (such as cases, packages, or secure documents) that you can retrieve, create, or update. When applicable, a specific resource is referenced by its unique identifier.

## Request headers

HTTP request headers store authentication data and information about the request and response formats:

* **Authentication:** Every API request must include a valid authentication token that authorizes access to a group's data. See [Authentication](/background-check-api/overview/api/authentication) for details on how to obtain an authentication token.
* **Request format:** Requests that include body data are submitted in JSON format. This is specified by sending the header `Content-Type: application/json`.
* **Response format:** Most responses are returned in JSON format. This is specified by sending the header `Accept: application/json`. The header `Accept: text/html` is used for endpoints that return data in plain text format, such as the URL of a report for download.
