POST
/
oauth
/
token
  curl https://auth.smartcar.com/oauth/token \
  -X POST \
  -H 'Authorization: Basic base64({client_id}:{client_secret})' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&refresh_token=3e565aed-d4b2-4296-9b4c-aec35825a6aa'

{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}
To maintain continuous access to a vehicle beyond the 60-day lifespan of a refresh token, you must exchange it for a new token pair before it expires. This proactive step prevents the user from having to re-authenticate through Smartcar Connect and provides you with a new access token and a new refresh token, effectively resetting the 60-day expiration timer.
A refresh token is invalidated 1 minute after use. Please ensure you’re persisting both the newly minted access and refresh token. Failure to do so will require the user to go through Connect again after the access token has expired.

Request

Headers
Authorization
string
default:"Basic "
required
The HTTP Authorization header using the Basic authentication scheme.To construct the Authorization header value:
  1. Join your client_id and client_secret with a single colon (:).
  2. Base64-encode the resulting string: base64({client_id}:{client_secret})
  3. Prepend Basic (with a trailing space) to the encoded string.
Your final authorization header value should look like this:Basic bXktY2xpZW50LWlkOm15LWNsaWVudC1zZWNyZXQ=
Content-Type
string
required
Must be set to application/x-www-form-urlencoded, matching the format of the request body.
User-Agent
string
required
A valid HTTP User Agent value.
  curl https://auth.smartcar.com/oauth/token \
  -X POST \
  -H 'Authorization: Basic base64({client_id}:{client_secret})' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&refresh_token=3e565aed-d4b2-4296-9b4c-aec35825a6aa'
Body
grant_type
required
This value must be set to refresh_token
refresh_token
required
The refresh token received in the response with the access token from an auth code exchange or prior token refresh.

Response

access_token
A string representing an access token used to make requests to the Smartcar API.
expires_in
The number of seconds the access token is valid for. This is always set to 7200 (2 hours)
refresh_token
A string representing a refresh token, which is used to renew access when the current access token expires. The refresh token expires after 60 days.
token_type
Always set to Bearer.
{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}