Carrier
BYO OCS setup

How to get your OCS API token

Carrier BYO mode needs your eSIMVault (Bridge4IP) reseller API token. This guide shows where to find it in the OCS portal and how to connect it.

Prefer not to touch the portal? Use Managed mode (no token required) or the portal-login tab in onboarding — Carrier can extract the key for you.

  1. 01

    Open the OCS portal

    Sign in at ocs.esimvault.cloud with the reseller credentials your network provider issued.

  2. 02

    Open Account → API Settings

    In the portal navigation, go to Account (or your profile menu), then open API Settings / API account. This is where Bridge4IP / eSIMVault issues the reseller API token used by every OCS call.

  3. 03

    Copy the API token

    Copy the token exactly as shown. Treat it like a password — anyone with it can act as your reseller on the OCS. If your account uses an IP allowlist, make sure Carrier's egress is permitted or the allowlist is disabled for API access.

  4. 04

    Paste it into Carrier

    In app.carrier.llc/onboarding (Connect step), choose I have an API key and paste the token. Carrier encrypts it with AES-256-GCM and stores it in your org vault — it is never logged or shown again in full.

Don't have a token?

  • Managed mode — Carrier provisions a sub-account under the Carrier reseller. No eSIMVault token needed. Start at onboarding.
  • Portal login— on the same Connect step, choose “Sign in to portal” and enter your OCS email/password. A secure browser agent retrieves the API key once; the password is not stored.
  • Ask your wholesale provider — child resellers sometimes have read-only API access. If the portal has no API Settings page, request a parent-reseller token or use Managed mode.

External OCS reference: docs.esimvault.cloud/ocs-api