POST
/
oauth
/
token

Request

Headers

Authorization
string
required

HTTP Basic Auth header containing the client_id and client_secret. The header is formed by concatenating the word “Basic”, a space, and a base64-encoded string consisting of the client_id, a colon :, and the client_secret.

Content-Type
string
required

Must be set to application/x-www-form-urlencoded, matching the format of the request body.

User-Agent
string
required

A valid HTTP User Agent value.

Query

code
required

The authorization code received in the handle response step.

grant_type
required

This value must be set to authorization_code

redirect_uri
required

The redirect_uri provided in the redirect to Connect step. This value is checked to match the URI sent when the user was directed to Connect.

If you launch Connect from a single-page or mobile application, redirect_uri must match the URI passed in your Connect URL, not the redirect for your backend.

Response

access_token

A string representing an access token used to make requests to the Smartcar API.

expires_in

The number of seconds the access token is valid for. This is always set to 7200 (2 hours)

refresh_token

A string representing a refresh token, which is used to renew access when the current access token expires. The refresh token expires after 60 days.

token_type

Always set to Bearer.