Skip to main content

Authentication

The Cartrack Fleet API uses HTTP Basic Authentication. Requests must include an Authorization header containing a Base64‑encoded username:password pair. Always use HTTPS when sending credentials.

How to construct the header

  1. Concatenate your username, a colon (:), and your password: username:password.
  2. Base64‑encode that string.
  3. Add the encoded value to the Authorization header prefixed with Basic.

Example (raw header)

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

Quick examples

curl

curl -u "username:password" "https://fleetapi-za.cartrack.com/rest/vehicles"

JavaScript (fetch)

const credentials = btoa(`${username}:${password}`);
fetch('https://fleetapi-za.cartrack.com/rest/vehicles', {
 headers: { 'Authorization': `Basic ${credentials}` }
});

Security best practices

  • Always use HTTPS — never send credentials over plain HTTP.
  • Do not embed credentials directly in client-side code that may be public.
  • Store credentials securely (environment variables, secret managers, vaults).
  • Use least privilege: generate user-level API passwords for integrations instead of sharing administrator credentials.
  • Rotate and revoke credentials regularly; update integrations after rotation.
  • If you receive HTTP 401 Unauthorized, verify you're using the correct regional endpoint for your account (see Base URLs).

Generating Administrator and User API passwords

Administrator password

  1. Sign in to your region's Fleetweb site (for example: https://fleetweb-<region>.cartrack.com).
  2. Open the API Settings page at https://fleetweb-<region>.cartrack.com/settings/api-settings (Settings → API Settings in the Fleetweb menu). See screenshot below.
  3. Generate a new Administrator password following the on-screen prompts.
  4. Store the password securely and share it only with trusted personnel.

User API password

  1. Sign in to your region's Fleetweb site.
  2. Open https://fleetweb-<region>.cartrack.com/settings/api-settings and use the "Generate User Credentials" button in the User Credentials section to create a new password for the integration or partner.
  3. Assign only the scopes/permissions required and store the password securely.

Notes

  • Use user-level accounts for external integrations when possible; reserve Administrator credentials for management tasks.
  • If your account is hosted in a different region, use the corresponding Fleetweb and API base URL — otherwise authentication will fail with HTTP 401.
  • Refer to the Base URLs page for region codes and endpoints.

Administrator credentials page