Prerequisites
Before you begin, make sure you have configured your Smartcar application in the Smartcar Dashboard. You will need:
- Your application’s Client ID and Client Secret
- A valid redirect_uri for your application
- The vehicle data you want to access (e.g., odometer, location, etc.)
Step 1: Launch Smartcar Connect
Direct your users to the Smartcar Connect URL. You can do this with the Smartcar SDK for your platform (web, iOS, or Android) or by copying the URL from the Smartcar Dashboard. The user will:
- Select their vehicle brand
- Log in with their connected services account
- Review and approve the requested permissions
Step 2: Handle the Redirect and Get the Authorization Code
After the user authorizes access, Smartcar will redirect them back to your application using the default redirect_uri you provided in your app configuration. The redirect will include an authorization code as a query parameter.
Step 3: Exchange the Code for an Access Token
Your backend exchanges the authorization code for an access token and refresh token by making a request to Smartcar’s token endpoint. You’ll need your app’s client_id, client_secret, and the same redirect_uri. The response will include an access_token and a refresh_token.
Step 4: Store Tokens
Store the access_token and refresh_token securely in your application’s database. These tokens are sensitive credentials that allow access to vehicle data and actions, so:
- Use encrypted storage or a secrets manager whenever possible.
- Never log tokens or expose them in client-side code.
- Associate tokens with the correct user and vehicle in your database for easy lookup and management. Here is a recommended architecture structure.
- The access_token expires after two hours. You will need to use the refresh_token to obtain new access tokens when needed. The refresh_token expires after 60 days. If the refresh_token expires, the user will need to reauthorize your application.
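The storage rules above can be sketched as a token record keyed by user and vehicle that keeps secrets out of log output and decides when to refresh or reauthorize. This is an added example, not Smartcar SDK code: TokenRecord, TokenStore, SKEW and the in-memory dictionary are assumptions, and encryption at rest is left to your database or secrets manager.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

ACCESS_TTL = timedelta(hours=2)    # access_token lifetime stated above
REFRESH_TTL = timedelta(days=60)   # refresh_token lifetime stated above
SKEW = timedelta(minutes=5)        # assumption: refresh slightly early


@dataclass
class TokenRecord:
    user_id: str
    vehicle_id: str
    # repr=False keeps both secrets out of repr(), so a logged record or a
    # traceback that prints it does not leak them.
    access_token: str = field(repr=False)
    refresh_token: str = field(repr=False)
    access_expires_at: datetime
    refresh_expires_at: datetime

    def next_action(self, now: datetime) -> str:
        """Return 'use_access_token', 'refresh' or 'reauthorize'."""
        if now >= self.refresh_expires_at:
            return "reauthorize"       # user must go through Connect again
        if now >= self.access_expires_at - SKEW:
            return "refresh"           # use refresh_token to get a new access_token
        return "use_access_token"


class TokenStore:
    """In-memory stand-in for an encrypted table keyed by user and vehicle."""

    def __init__(self):
        self._rows = {}

    def save_exchange(self, user_id, vehicle_id, access_token, refresh_token, now):
        """Store the token pair returned by the Step 3 code exchange."""
        record = TokenRecord(user_id, vehicle_id, access_token, refresh_token,
                             now + ACCESS_TTL, now + REFRESH_TTL)
        self._rows[(user_id, vehicle_id)] = record
        return record

    def get(self, user_id, vehicle_id):
        return self._rows.get((user_id, vehicle_id))


def demo():
    """Constructed values only; no real tokens or vehicle ids."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = TokenStore()
    store.save_exchange("user-1", "vehicle-A", "ACCESS-PLACEHOLDER", "REFRESH-PLACEHOLDER", t0)
    rec = store.get("user-1", "vehicle-A")
    return repr(rec), [rec.next_action(t0 + d) for d in
                       (timedelta(minutes=30), timedelta(hours=3), timedelta(days=61))]
```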

