Auth Code Exchange
To interact with the Smartcar API, you will need to exchange your authorization code from the Connect redirect for an access token.
Request
Headers
HTTP Basic Auth header containing the client_id
and client_secret
.
The header is formed by concatenating the word “Basic”, a space, and a base64-encoded
string consisting of the client_id
, a colon :
, and the client_secret
.
Must be set to application/x-www-form-urlencoded
, matching the format of the request body.
A valid HTTP User Agent value.
Query
The authorization code received in the handle response step.
This value must be set to authorization_code
The redirect_uri
provided in the redirect to Connect step. This value is checked to match the URI sent when the user was directed to Connect.
If you launch Connect from a single-page or mobile application, redirect_uri
must match the URI passed in your Connect URL, not the redirect for your backend.
Response
A string representing an access token used to make requests to the Smartcar API.
The number of seconds the access token is valid for. This is always set to 7200 (2 hours)
A string representing a refresh token, which is used to renew access when the current access token expires. The refresh token expires after 60 days.
Always set to Bearer
.
Was this page helpful?