Authentication

The TruckRadar dealer API authenticates every request with a static Bearer token. One API key is issued per dealer account and can be rotated at any time from the dashboard. All endpoints under /api/v1/ require the token — unauthenticated requests return 401 UNAUTHORIZED.

Generating a key

Sign in at truckradar.ai/login.
Open Dashboard → Settings and scroll to the API Key section.
Click Generate API Key. Copy the value shown immediately — it is displayed once.
Store it in your secret manager (AWS Secrets Manager, Vercel env vars, Doppler, 1Password, etc).

Keys are shown exactly once

TruckRadar only stores a hash of the key. If you lose it, generate a new one — the old one is revoked the moment you regenerate.

Using the key

Pass the key in the Authorization header on every request:

bash

curl https://truckradar.ai/api/v1/inventory/3ALHCYFE3LDLM8435 \
  -H "Authorization: Bearer tr_live_XXXXXXXXXXXXXXXX" \
  -H "Accept: application/json"

Using fetch in TypeScript / Node:

typescript

const res = await fetch("https://truckradar.ai/api/v1/inventory/3ALHCYFE3LDLM8435", {
  headers: {
    Authorization: `Bearer ${process.env.TRUCKRADAR_API_KEY}`,
    Accept: "application/json",
  },
});
const { data, error } = await res.json();
if (!res.ok) throw new Error(error?.message ?? res.statusText);

Rotating a key

Regenerating immediately revokes the previous key. There is no grace window. To rotate without downtime:

Generate a new key in the dashboard and copy it.
Deploy the new key to all running workers / cron jobs / DMS integrations.
Confirm traffic is flowing on the new key (watch 200 responses for 5–10 minutes).
Rotate again on any box that missed the cutover if you see a spike in 401s.

Key format

Keys are opaque — they always begin with tr_live_ followed by a random suffix. Treat them as secrets; do not commit them to source control or expose in browser code.

Revoking a key

If a key is leaked, rotate it immediately (regenerate in the dashboard). There is no separate revoke endpoint — generation rotates. Email security@truckradar.ai if you need us to force-expire a key out of band.

Multi-tenant access

Each API key maps to a single Seller. DMS vendors that sync many dealers must manage a key per dealer. A platform-level key for aggregators is available on Enterprise plans — contact sales@truckradar.ai.

Errors

Auth-related responses:

401 UNAUTHORIZED — missing, malformed, or revoked key.
403 FORBIDDEN — key is valid but the requested resource belongs to another dealer.

See Error Codes for the full list and remediation guidance.