> ## Documentation Index
> Fetch the complete documentation index at: https://smartcar.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Application Access Token
> Request an access token using client credentials grant type
Exchange your API credentials for an application-level access token using the OAuth 2.0 Client Credentials flow. The access token is valid for **1 hour** (3600 seconds). There is no refresh token — request a new token when the current one expires.
Generate your Client ID and Client Secret from the **API Credentials** tab in your [Smartcar Dashboard](https://dashboard.smartcar.com). See the [API Authentication Setup Guide](/getting-started/how-to/api-authentication) for step-by-step instructions.
```bash cURL theme={null}
curl --request POST \
--url https://iam.smartcar.com/oauth2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET'
```
```javascript Node.js theme={null}
const response = await fetch('https://iam.smartcar.com/oauth2/token', {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
grant_type: 'client_credentials',
client_id: process.env.SMARTCAR_CLIENT_ID,
client_secret: process.env.SMARTCAR_CLIENT_SECRET,
}),
});
const { access_token, token_type, expires_in } = await response.json();
```
```python Python theme={null}
import requests, os
response = requests.post(
'https://iam.smartcar.com/oauth2/token',
data={
'grant_type': 'client_credentials',
'client_id': os.environ['SMARTCAR_CLIENT_ID'],
'client_secret': os.environ['SMARTCAR_CLIENT_SECRET'],
}
)
token_data = response.json()
access_token = token_data['access_token']
```
### Error Responses
| Status | Error | Description |
| ------ | ----------------- | -------------------------------------------------------------------- |
| `400` | `invalid_request` | Missing or malformed request parameters (e.g., missing `grant_type`) |
| `401` | `invalid_client` | Invalid `client_id` or `client_secret` |
### What's Next
Now that you have an access token, here's what you can do with it:
* [API Overview](/api-reference/intro) — All endpoints available with your access token
* [Vehicle Data](/api-reference/list-signals) — Read signals like battery level, odometer, and location
* [Vehicle Commands](/api-reference/charging/start-charging) — Lock, unlock, start/stop charging, set destination, and more
* [Connections](/api-reference/list-connections) — List and manage vehicle connections
* [Webhooks](/integrations/webhooks/overview) — Subscribe vehicles to receive data on a schedule or when events occur
## OpenAPI
````yaml specs/auth.yml POST /oauth2/token
openapi: 3.0.0
info:
title: OAuth2 Token API
version: 1.0.0
description: OAuth2 token endpoint for client credentials flow
servers:
- url: https://iam.smartcar.com
description: Authentication server
security: []
paths:
/oauth2/token:
post:
summary: Exchange credentials for access token
description: Request an access token using client credentials grant type
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- client_id
- client_secret
- grant_type
properties:
client_id:
type: string
description: The client identifier
example: client_availableindashboard
client_secret:
type: string
description: The client secret
example: yoursecretgeneratedindashboard
grant_type:
type: string
enum:
- client_credentials
description: OAuth2 grant type
example: client_credentials
responses:
'200':
description: Successfully obtained access token
content:
application/json:
schema:
type: object
properties:
access_token:
type: string
description: The access token
token_type:
type: string
description: Token type (typically Bearer)
expires_in:
type: integer
description: Token expiration time in seconds
'400':
description: Bad request - invalid parameters
'401':
description: Unauthorized - invalid credentials
security: []
````