Skip to main content


Manage your API keys to authenticate requests with Karrio.

Karrio authenticates your API requests using your account’s API keys. If you don’t include your key when making an API request, or use an incorrect or outdated one, Karrio returns an error.

There are two types of keys: a private key and a JSON Web Token.

  • Private You must keep your private API keys confidential and only store them on your own servers. You must not share your private API key with any third parties. Your account’s private API key can perform any API request to Karrio without restriction. If Karrio believes that your secret API key has been compromised, you may cancel and reissue it.
  • JSON Web Token aka JWT are meant solely to identify your account with Karrio, they aren’t secret. In other words, you can safely publish them in places like your karrio.js JavaScript code, or in an Android or iPhone app.

Obtaining your API keys

  • Your Private API key is always available in the Dashboard:
  • The JSON Web Token on the other hand are obtained by API request
curl --request POST \\
--url \\
--header 'Content-Type: application/json' \\
--data '{
"email": "",
"password": "demo"

Karrio returns an key pair object in response to your API request.

"refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTYzNjYxMzY4NSwiaWF0IjoxNjM2MTgxNjg1LCJqdGkiOiIwNjM1ZGQ4NWExMWU0NTNjYTk2ZTk3NDM4ZDBjOTRkMiIsInVzZXJfaWQiOjF9.1MO8ODXIPvEQtTJdiyyFT1UA54hZnLjrVj8a3DEDbbw",
"access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjM2MTgyNTg1LCJpYXQiOjE2MzYxODE2ODUsImp0aSI6ImMyYWI5YTAzNTRkYTRlZTQ5ZjQ1ZDdlMmI4NWQ5ZGZkIiwidXNlcl9pZCI6MX0.X-MA-9Vi_zWJfvMWSaL8dNj7XOy8kPNz16gvbciLCIM"