Authentication

All CarrierOk API requests are authenticated with a secret key. Pass the key in the Authorization header using the Bearer scheme.

Get your key

  1. Sign up and complete onboarding to get a sk_test_* sandbox key instantly.
  2. Activate live access for $50 to mint a sk_live_* key. The $50 is applied as API credit; no card charge until the credit drains.
  3. Manage rotation + revocation on the API Keys page.

Sandbox vs live

sk_test_* keys return fixture data for 10 hand-picked carriers. Free, no rate limits, no expiration — safe to use anywhere, including client-side prototypes. sk_live_* keys return real FMCSA data and are billed pay-as-you-go. Keep them server-side.

Using your key

Include your key in the Authorization header on every request:

Request
curl "https://api.carrierok.com/v2/profile?dot_number=568253" \
  -H "Authorization: Bearer YOUR_API_KEY"

Keep live keys server-side

Never expose a sk_live_* key in client-side code, public repos, or browser requests. If you suspect a leak, rotate immediately from the API Keys page — the new key is shown once; the old key 401s immediately.

Authentication errors

StatusError
400API key missing
401Unauthorized
429Rate limit exceeded