Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developer.karmacheck.com/llms.txt

Use this file to discover all available pages before exploring further.

All API requests must be authenticated with a token in the form of a JSON Web Token (JWT). The KarmaCheck API uses a Bearer authentication scheme, which should be used only over HTTPS.

Create an authentication token

To create an authentication token, you need to first contact KarmaCheck to enable API access. KarmaCheck will issue you an API key and one or more client access tokens. Each client access token gives access to a specific group within a company in the KarmaCheck system. With the API key and a client access token, call the POST /auth/api endpoint to retrieve an authentication token: 
curl --request POST \
  --url https://api-stage.karmacheck.io/auth/api \
  --header 'Content-Type: application/json' \
  --data '{
    "apiKey": "API_KEY",
    "clientAccessToken": "CLIENT_ACCESS_TOKEN"
  }'
Replace API_KEY and CLIENT_ACCESS_TOKEN with your credentials. The response will contain your authentication token in the token field. Note the following regarding KarmaCheck authentication tokens:
  • Authentication tokens do not expire. However, tokens can be invalidated in order to revoke access to other API calls.
  • Anyone with access to your authentication token can access your KarmaCheck data. Store these tokens as securely as possible and avoid placing them in shared codebases.

Authenticate an API request

For all requests to the KarmaCheck API, set the Authorization header with the value Bearer AUTHENTICATION_TOKEN, replacing AUTHENTICATION_TOKEN with the authentication token that you created. Do not attempt to pass the authentication token in the query string (in other words, the URL). 
curl --request GET \
  --url https://api-stage.karmacheck.io/case/list \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer AUTHENTICATION_TOKEN'