Application Access Token

curl --request POST \
  --url https://iam.smartcar.com/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET'

{
  "access_token": "<string>",
  "token_type": "<string>",
  "expires_in": 123
}

curl --request POST \
  --url https://iam.smartcar.com/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET'

{
  "access_token": "<string>",
  "token_type": "<string>",
  "expires_in": 123
}

Exchange your API credentials for an application-level access token using the OAuth 2.0 Client Credentials flow. The access token is valid for 1 hour (3600 seconds). There is no refresh token — request a new token when the current one expires.

Generate your Client ID and Client Secret from the API Credentials tab in your Smartcar Dashboard. See the API Authentication Setup Guide for step-by-step instructions.

curl --request POST \
  --url https://iam.smartcar.com/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET'

Error Responses

Status	Error	Description
`400`	`invalid_request`	Missing or malformed request parameters (e.g., missing `grant_type`)
`401`	`invalid_client`	Invalid `client_id` or `client_secret`

What’s Next

Now that you have an access token, here’s what you can do with it:

API Overview — All endpoints available with your access token
Vehicle Data — Read signals like battery level, odometer, and location
Vehicle Commands — Lock, unlock, start/stop charging, set destination, and more
Connections — List and manage vehicle connections
Webhooks — Subscribe vehicles to receive data on a schedule or when events occur

Body

application/json

client_id

string

required

The client identifier

Example:

"client_availableindashboard"

client_secret

string

required

The client secret

Example:

"yoursecretgeneratedindashboard"

grant_type

enum<string>

required

OAuth2 grant type

Available options:

client_credentials

Example:

"client_credentials"

Response

Successfully obtained access token

access_token

string

The access token

token_type

string

Token type (typically Bearer)

expires_in

integer

Token expiration time in seconds

Overview List connections

⌘I

Introduction

Authorization

Connections

Webhooks

Vehicle Data

Vehicle Commands

Compatibility

API 2.0 Reference (Legacy)

Vehicle Commands (Legacy)

Management API (Legacy)

Compatibility API (Legacy)

Application Access Token

Error Responses

What’s Next

Body

Response

Introduction

Authorization

Connections

Webhooks

Vehicle Data

Vehicle Commands

Compatibility

API 2.0 Reference (Legacy)

Vehicle Commands (Legacy)

Management API (Legacy)

Compatibility API (Legacy)

​Error Responses

​What’s Next

Body

Response

Error Responses

What’s Next