Authentication
All CarrierOk API requests are authenticated with a secret key. Pass the key in the Authorization header using the Bearer scheme.
Get your key
- Sign up and complete onboarding to get a
sk_test_*sandbox key instantly. - Activate live access for $50 to mint a
sk_live_*key. The $50 is applied as API credit; no card charge until the credit drains. - Manage rotation + revocation on the API Keys page.
Sandbox vs live
sk_test_* keys return fixture data for 10 hand-picked carriers. Free, no rate limits, no expiration — safe to use anywhere, including client-side prototypes. sk_live_* keys return real FMCSA data and are billed pay-as-you-go. Keep them server-side.Using your key
Include your key in the Authorization header on every request:
Request
curl "https://api.carrierok.com/v2/profile?dot_number=568253" \
-H "Authorization: Bearer YOUR_API_KEY"Keep live keys server-side
Never expose a
sk_live_* key in client-side code, public repos, or browser requests. If you suspect a leak, rotate immediately from the API Keys page — the new key is shown once; the old key 401s immediately.Authentication errors
| Status | Error | Cause |
|---|---|---|
400 | API key missing | No Authorization header |
401 | Unauthorized | Key invalid, rotated, or revoked |
429 | Rate limit exceeded | Per-key minute limit hit — back off and retry |