POST
/
oauth
/
token
  curl https://auth.smartcar.com/oauth/token \
  -X POST \
  -H 'Authorization: Basic base64({client_id}:{client_secret})' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=authorization_code&code=35a59c0b-745c-436c-a8a2-7758e718dcb8&redirect_uri=https://example.com/home'
{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}  

Request

Headers

Authorization
string
required

HTTP Basic Auth header containing the client_id and client_secret. The header is formed by concatenating the word “Basic”, a space, and a base64-encoded string consisting of the client_id, a colon :, and the client_secret.

Content-Type
string
required

Must be set to application/x-www-form-urlencoded, matching the format of the request body.

User-Agent
string
required

A valid HTTP User Agent value.

Query

code
required

The authorization code received in the handle response step.

grant_type
required

This value must be set to authorization_code

redirect_uri
required

The redirect_uri provided in the redirect to Connect step. This value is checked to match the URI sent when the user was directed to Connect.

If you launch Connect from a single-page or mobile application, redirect_uri must match the URI passed in your Connect URL, not the redirect for your backend.

  curl https://auth.smartcar.com/oauth/token \
  -X POST \
  -H 'Authorization: Basic base64({client_id}:{client_secret})' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=authorization_code&code=35a59c0b-745c-436c-a8a2-7758e718dcb8&redirect_uri=https://example.com/home'

Response

access_token

A string representing an access token used to make requests to the Smartcar API.

expires_in

The number of seconds the access token is valid for. This is always set to 7200 (2 hours)

refresh_token

A string representing a refresh token, which is used to renew access when the current access token expires. The refresh token expires after 60 days.

token_type

Always set to Bearer.

{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}