POST
/
oauth
/
token
curl https://auth.smartcar.com/oauth/token \
-X POST \
-H 'Authorization: Basic base64({client_id}:{client_secret})' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=authorization_code&code=35a59c0b-745c-436c-a8a2-7758e718dcb8&redirect_uri=https://example.com/home'

{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}

Requesting Access Tokens

Headers
Authorization
string
default:"Basic "
required
The HTTP Authorization header using the Basic authentication scheme.To construct the Authorization header value:
  1. Join your client_id and client_secret with a single colon (:).
  2. Base64-encode the resulting string: base64({client_id}:{client_secret})
  3. Prepend Basic (with a trailing space) to the encoded string.
Your final authorization header value should look like this:Basic bXktY2xpZW50LWlkOm15LWNsaWVudC1zZWNyZXQ=
Content-Type
string
required
Must be set to application/x-www-form-urlencoded, matching the format of the request body.
User-Agent
string
required
A valid HTTP User Agent value. This value is typically included in the HTTP requests by the client that is making the request. You usually don’t have to set this manually.
Body
code
required
The authorization code received in the handle response step.
grant_type
required
This value must be set to authorization_code
redirect_uri
required
The redirect_uri provided in the redirect to Connect step. This value is checked to match the URI sent when the user was directed to Connect.
If you launch Connect from a single-page or mobile application, redirect_uri must match the URI passed in your Connect URL, not the redirect for your backend.
curl https://auth.smartcar.com/oauth/token \
-X POST \
-H 'Authorization: Basic base64({client_id}:{client_secret})' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=authorization_code&code=35a59c0b-745c-436c-a8a2-7758e718dcb8&redirect_uri=https://example.com/home'

Response

access_token
A string representing an access token used to make requests to the Smartcar API.
expires_in
The number of seconds the access token is valid for. This is always set to 7200 (2 hours)
refresh_token
A string representing a refresh token, which is used to renew access when the current access token expires. The refresh token expires after 60 days.
token_type
Always set to Bearer.
{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}