ICR Program
HomeProjectsCreditsTransactionsInsights
  • Welcome to the ICR program documentation
    • About ICR
      • ICR Team
        • Gudmundur Sigbergsson
        • Olafur "Oli" Torfason
        • Bjorn H. Helgason
        • Thordur "Thor" Agustsson
        • Alondra Silva Munoz
        • Dr. Rannveig Anna Guicharnaud
        • Robert Huldarsson
        • Ria Antil
        • Alvaro Vallejo Rendón
      • ICR's Mission Statement
      • ICR's Context
      • Leadership
        • Leadership and Commitment
        • Policies
          • Quality policy
          • KYC/KYB Compliance Policy
          • Grievance policy
          • Anti-Corruption Compliance Policy
          • Impartiality policy
          • ICR Privacy and Cybersecurity Policy
          • Diversity, Equality, and Inclusion policy
        • Organizational Roles, Responsibilities, and Authorities
          • Leadership
            • Chief Executive Officer (CEO)
            • Chief Operating Officer (COO)
            • Chief Technology Officer (CTO)
            • Chief Product Officer (CPO)
            • Chief Science Officer (CSO)
            • Chief Marketing Officer (CMO)
            • ICR Board
              • Members
                • Daníel F. Jónsson
                • Kristján I. Mikaelsson
              • ICR Board Procedures v3.0
            • ICR Program Advisory Panel
              • Members
              • ICR Program Advisory Panel 3.0
          • ICR Program Advisory Panel
            • Amit Sharma
            • Geetha Gopal
            • Javier Castro
          • Forums
            • ICR Project Proponent and Developer forum
              • ICR Project Proponent and Developer Forum Terms of Reference
            • ICR Stakeholder forum
              • ICR Stakeholder Forum - Terms of Reference
            • ICR VVB forum
              • ICR VVB Forum Terms of Reference
            • ICR Forum Guidelines
            • Forum Application
          • Committees
            • Appeals Committee
              • ICR Appeals Committee Terms of Reference
      • Articles of Association for International Carbon Registry ehf.
  • Fundamentals
    • Climate change
    • Kyoto protocol
    • Paris Agreement
      • Nationally Determined Contributions
      • Carbon Markets Under the Paris Agreement
    • Voluntary Carbon Markets
    • Compensation
      • ÍST 92
      • ISO 14068-1:2023
  • ICR Program
    • Overview
    • Fundamentals
      • ISO
        • ISO 14064
          • ISO 14064-1
          • ISO 14064-2
          • ISO 14064-3
          • ISO 14068-1
      • Project Origination
      • Additionality
      • ICR Registration Process
      • Validation and verification
        • Accreditation
    • Definitions
      • ICR Definitions v3.1
        • Version history
          • ICR Definitions v3.0
          • ICR Definitions v2.0
          • ICR Definitions v1.0
    • Methodology Development
      • Criteria
        • ICR Methodology Requirements v3.0
        • Version history
          • ICR Methodology Requirements 2.0
          • ICR Methodology Requirements 1.0
      • Procedural
        • ICR Methodology Approval Process v3.0
        • Version history
          • ICR Methodology Approval Process v2.0
          • ICR Methodology Approval Process v1.0
      • ICR Methodologies
        • Under development
          • M-ICR001
          • M-ICR002
          • M-ICR003
          • M-ICR004
          • M-ICR005:
          • M-ICR006
          • M-ICR007
          • M-ICR009
          • M-ICR011
        • Approved ICR Methodologies
      • Templates
        • Concept note
          • Older versions
        • Methodology description
          • Older versions
        • Methodology summary
          • Older versions
    • Project development
      • Criteria
        • ICR Requirement Document v6.0
          • Version history
            • ICR Requirement Document v5.0
            • ICR Requirement Document v4.0
      • Procedural
        • ICR Process Requirements v6.1
          • Version history
            • ICR Process Requirements v6.0
            • ICR Process Requirements v5.0
            • ICR Process Requirements v4.0 Final
            • ICR Process Requirements v3.0
        • ICR Article 6 2 procedures v1.0
      • Templates
        • Project concept description (PCD)
          • Older versions
        • Project design description (PDD)
          • Older versions
        • Monitoring report (MR)
          • Older versions
        • Project design description and monitoring report
          • Older versions
        • Letter of attestation
        • Non-performance report
          • Older versions
        • Non-permanence event report
          • Older versions
        • Non-permanence risk assessment
        • Non-performance risk assessment
      • Tools
        • ICR Tool for Environmental and Socio-economic Safeguards and Sustainable Development
      • Approved methodologies, modules and tools
        • ICR approved methodologies, modules and tools v4.0
    • Validation and verification
      • Validation and Verification Bodies
      • Criteria
        • ICR validation and verification specifications v2.0
          • Version history
            • ICR validation and verification specifications v1.0
      • Templates
        • Methodology validation report (MValR)
          • Older versions
        • Validation report (ValR)
          • Older versions
        • Verification report (VerR)
          • Older versions
        • Validation and verification report (ValVerR)
          • Older versions
    • Terms and conditions
      • Terms and Conditions - Users
      • Terms and Conditions - Project
      • ICR Terms and Conditions Market Participants
      • Fee Schedule 2024-2025
      • 🔦ICR KYC/KYB Complience Policy
      • ICR Terms and Conditions - Organizations
        • Older versions
          • ICR Terms and Conditions - Organizations
    • Public consultation
      • Methodologies
        • 2023
          • M-ICR0001
          • M-ICR0002
          • M-ICR0003
          • M-ICR0004
          • M-ICR0005
        • 2024
          • M-ICR0006
        • 2025
          • M-ICR009
          • M-ICR007
          • M-ICR011
      • ICR Program
        • 2023
          • Specifications to guide validation and verification
          • Program revision August 2023
        • 2024
          • Program Revision - July 2024
    • Grievance
      • ICR Grievance process
        • Submit a Complaint
    • Document Library
      • Documents
  • Biodiversity Program
    • Overview
    • Fundamentals
    • Definitions
    • Requirements
      • Templates
        • Concept note
    • Public consultation
    • Document Library
    • Fee Schedule - Biodiversity Pilot Phase 2024-2025
  • Carbonregistry.com
    • Marketplaces
      • Terms and Conditions - Trading Hub
    • On Chain
      • How it works
      • Credit data
      • Contracts
      • Retiring Credits Onchain
    • Registry user guide
      • Introduction
      • Get started
        • Create a user account
          • User profile
            • Authentication
            • Documents
            • API
          • KYC
        • Create an organizational account
          • KYB
      • Account management
        • User account management
        • Organizational account management
          • Projects
          • Users
          • Documentation
          • Settings
          • API
      • Project proponents and developers
        • Registering a project
          • Create a New Project
            • New Project Home Screen
            • Project mitigations
            • Project location
            • Benefits
            • Documents and files
            • People and Organizations
              • People
              • Organizations
            • Home screen tabs
              • Overview
              • Mitigations
              • Benefits
              • Documents
              • People
              • Media
              • VVB
            • Submit for ICR Review
          • Manage a project
          • Transition
          • Page
          • Transition
          • Validation/verification
          • Authorized representatives
          • Finish
        • Credits
          • Ex-ante issuance
          • Ex-post issuance
          • Transferring credits
          • Retiring credits
          • Cancelling credits
        • Side Panel
        • Page 1
      • Organizations
        • Account management
        • Credits
        • Retiring credits
      • Insights
    • API
      • Apps
        • Using ICR apps
          • Approve new permissions
          • Review installations
        • Creating ICR apps
          • About creating ICR apps
            • Best practices
          • Registering an ICR app
            • Permissions
            • Webhooks
              • Webhook actions and payloads
              • Handle deliveries
              • Validate deliveries
              • Handle failed deliveries
            • Callback URLs
        • Authentication
          • Authenticate as an app
          • Generate a JWT
          • Authenticate as an installation
          • App private keys
          • Authenticate as an organization
        • Examples
          • Setting up an ICR app
          • Requesting credit action for organization
          • Interacting with the organization warehouse
      • Endpoints
        • V0.5
          • Apps
          • Organizations
          • Inventory
          • Projects
          • Retirements
          • Warehouse
          • Credits
          • Documents
          • Utility
        • V1 - Beta
          • Organizations
          • Projects
          • Transactions
          • Retirements
          • Credit actions
          • Subaccounts
          • Utility
      • Environments
      • Versions
      • Authentication
    • The Credit Bundler
      • Purchasing Credits
      • Post Purchase: Accepting Credits
  • Quality management system
    • ICR QMS
Powered by GitBook
LogoLogo
On this page
  • About authenticating as an ICR app installation
  • Using an installation access token to authenticate as an app installation
  • Generating an installation access token
  • Authenticating with an installation access token
  1. Carbonregistry.com
  2. API
  3. Apps
  4. Authentication

Authenticate as an installation

You can make your ICR App authenticate as an installation in order to make API requests that affect resources owned by the organization where the app is installed.

PreviousGenerate a JWTNextApp private keys

Last updated 1 year ago

About authenticating as an ICR app installation

Once your ICR App is installed on an account, you can make it authenticate as an app installation for API requests. This allows the app to access resources owned by that installation, as long as the app was granted the necessary access and permissions. API requests made by an app installation are attributed to the app.

For example, if you want your app to update the shortDescription of a project owned by organization "Best organization", then you would authenticate as the "Best organization" installation of your app. The timeline of the issue would state that your app updated the shortDescription.

To make an API request as an installation, you must first generate an installation access token. Then, you will send the installation access token in the Authorization header of your subsequent API requests.

If a REST API endpoint works with an ICR App installation access token, the REST reference documentation for that endpoint will say "Works with ICR Apps." Additionally, your app must have the required permissions to use the endpoint. For more information, see "."

Using an installation access token to authenticate as an app installation

To authenticate as an installation with an installation access token, first use the REST API to generate an installation access token. Then, use that installation access token in the Authorization header of the REST API. The installation access token will expire after 2 hours.

Generating an installation access token

  1. Generate a JSON web token (JWT) for your app. For more information, see "".

  2. Get the ID of the installation that you want to authenticate as.

    If you are responding to a webhook event, the webhook payload will include the installation ID.

    You can also use the REST API to find the ID for an installation of your app. For example, you can get an installation ID with the GET - /app/organizations/:organizationId/installation or GET /app/installations endpoint for paginated response of all installations for your particular app.

  3. Send a REST API POST request to /app/installations/:installationId/accessTokens. Include your JSON web token in the Authorization header of your request. Replace installationId with the ID of the installation that you want to authenticate as.

    For example, send this curl request. Replace INSTALLATION_ID with the ID of the installation and JWT with your JSON web token:

    curl --request POST \
    --url "https://api.carbonregistry.com/app/installations/INSTALLATION_ID/accessTokens" \
    --header "Authorization: Bearer JWT" 

NOTE: the installation access token will have all of the permissions that were granted to the app. The installation access token cannot be granted permissions that the app was not granted.

The response will include an installation access token, the time that the token expires, the permissions that the token has, and the organization that the token can access. The installation access token will expire after 2 hours.

Authenticating with an installation access token

To authenticate with an installation access token, include it in the Authorization header of an API request.

In the following example, replace INSTALLATION_ACCESS_TOKEN with an installation access token:

curl --request GET \
--url "https://api.carbonregistry.com/projects" \
--header "Authorization: Bearer INSTALLATION_ACCESS_TOKEN" 

For more information about this endpoint, see ""

Your app must have the required permissions to use the endpoint. For more information, see "."

Choosing permissions for an ICR App
Generating a JSON Web Token (JWT) for an ICR App
Choosing permissions for an ICR App
Installation access token