Our frontend SDKs handle getting an authorization code representing a vehicle owner’s consent for your application to interact with their vehicle for the requested permissions. In order to make requests to a vehicle, please use one of our backend SDKs.

For security, token exchanges and requests to vehicles should not be made client side.


  1. The Mobile Application launches a SafariView with Smartcar Connect to request access to a user’s vehicle. On Connect, the user logs in with their vehicle credentials and grants the Application access to their vehicle.
  2. The SafariView is redirected to a specified REDIRECT_URI along with an authorization code. This will be the custom scheme set on the application. The Smartcar iOS SDK receives the authorization code in a view listening for the specified custom scheme URI, and passes it to the Mobile Application.
  3. The Mobile Application sends the received authorization code to the Application’s back-end service.
  4. The Application sends a request to the Smartcar API. This request contains the authorization code along with the Application’s CLIENT_ID and CLIENT_SECRET.
  5. In response, Smartcar returns an ACCESS_TOKEN and a REFRESH_TOKEN.
  6. Using the ACCESS_TOKEN, the Application can now send requests to the Smartcar API. It can access protected resources and send commands to and from the user’s vehicle via the backend service.


  • Sign up for a Smartcar account.
  • Make a note of your CLIENT_ID and CLIENT_SECRET from the Configuration section on the Dashboard.
  • Add a custom scheme redirect URI to your application configuration.
  • Add the appServer redirect URI from Setup step 2 to your application configuration.

For iOS, we require the custom URI scheme to be in the format of sc + clientId + :// + hostname. For now, you can just set it to sc + clientId + ://exchange.

Please see our Connect Docs for more information.


  1. Clone our repo and install the required dependancies:
    $git clone https://github.com/smartcar/getting-started-ios-sdk.git
    $cd getting-started-ios-sdk/tutorial
    $pod install
    $open getting-started-ios-sdk.xcworkspace
  2. Set the following constants in Constants.swift. We’re setting appServer to http://localhost:8000 to pass the authorization code from the Handle the Response step later on in the tutorial to our backend.
    struct Constants {
        static let clientId = "<your-client-id>";
        static let appServer = "http://localhost:8000";

Build your Connect URL

  1. Instantiate a SmartcarAuth object in the viewdidLoad function of the ViewController.
    {/*  TODO: Authorization Step 1: Initialize the SmartcarAuth object */}
    appDelegate.smartcar = SmartcarAuth(
        clientId: Constants.clientId,
        redirectUri: "sc\(Constants.clientId)://exchange",
        testMode: true,
        scope: ["required:read_vehicle_info"],
        completion: completion

The iOS SDK does not support simulated mode at this time - only test and live. Feel free to set testMode: false where you instantiate your SmartcarAuth object to connect to a real vehicle.

  1. The iOS application will launch a SafariView with Connect to request access to a user’s vehicle. On Connect, the user logs in with the username and password for their vehicle’s connected services account and grants the application access to their vehicle.

    To launch Connect, we can use the launchAuthFlow function that our SmartcarAuth object has access to. We can place this within the connectPressed action function.

    @IBAction func connectPressed(_ sender: UIButton) {
        {/* TODO: Authorization Step 2: Launch Connect */}
        let smartcar = appDelegate.smartcar!
        smartcar.launchAuthFlow(viewController: self)

Registering your Custom Scheme

Once a user has authorized the application to access their vehicle, the user is redirected to the REDIRECT_URI with an authorization code as a query parameter.

iOS applications use custom URI schemes to intercept calls and launch the relevant application. This is defined within the Info.plist.

  1. Open up Info.plist and click on the grey arrow next to URL types.
  2. Next, click on the grey arrow next to the Item 0 dictionary and URL Schemes array.
  3. Finally, set your Item 0 string to the redirect URI you set up in the Prerequisites section (i.e. ‘sc’ + clientId).

Handle the response

  1. The iOS application will now receive the request in the application:(_:open:options:) function within the AppDelegate.
    func application(_ application: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -> Bool {
        {/* TODO: Authorization Step 3a: Receive the authorization code */}
        window!.rootViewController?.presentedViewController?.dismiss(animated: true , completion: nil)
        smartcar!.handleCallback(with: url)
        return true
  2. Using the iOS SDK, the application can receive the code in the completion callback passed into the SmartcarAuth object.
    func completion(err: Error?, code: String?, state: String?) -> Any {
        {/* TODO: Authorization Step 3b: Receive the authorization code */}
        {/* prints out the authorization code */}

Launching Connect

Build your application in XCode and click on the Connect your vehicle button.

This turotiral configures Connect to launch in test mode by default. In test mode, any username and password is valid for each brand.

Smartcar showcases all the permissions your application is asking for - read_vehicle_info in this case. Once you have logged in and accepted the permissions, you should see your authorization code printed to your console.

Getting your first Access Token

After receiving the authorization code, your iOS application must exchange it for an ACCESS_TOKEN. To do so, we can send the code to a backend service. Let’s assume our backend service contains an endpoint /exchange that receives an authorization code as a query parameter and exchanges it for an ACCESS_TOKEN.

// TODO: Obtain an access token
Alamofire.request("\(Constants.appServer)/exchange?code=\(code!)", method: .get)
    .responseJSON {_ in}

Notice that our backend service does not return the ACCESS_TOKEN. This is by design. For security, our frontend should never have access to the ACCESS_TOKEN and should always be stored in the backend.

Getting data from a vehicle

Once the backend has the ACCESS_TOKEN, it can send requests to a vehicle using the Smartcar API. The iOS app will have to send a request to the backend service which in turn sends a request to Smartcar. We have to do this because our frontend does not have the ACCESS_TOKEN.

Assuming our backend has a /vehicle endpoint that returns the information of a user’s vehicle, we can make this query in our completion callback and segue into another view to show the returned vehicle attributes

func completion(err: Error?, code: String?, state: String?) -> Any {

    // send request to exchange auth code for access token
    Alamofire.request("\(Constants.appServer)/exchange?code=\(code!)", method: .get).responseJSON {_ in

        // TODO: Request Step 2: Get vehicle information
        // send request to retrieve the vehicle info
        Alamofire.request("\(Constants.appServer)/vehicle", method: .get).responseJSON { response in
            if let result = response.result.value {
                let JSON = result as! NSDictionary
                let make = JSON.object(forKey: "make")!  as! String
                let model = JSON.object(forKey: "model")!  as! String
                let year = String(JSON.object(forKey: "year")!  as! Int)
                let vehicle = "\(year) \(make) \(model)"
                self.vehicleText = vehicle
                self.performSegue(withIdentifier: "displayVehicleInfo", sender: self)
    return ""

Setting up your backend

Now that our frontend is complete, we will need to create a backend service that contains the logic for the /exchange and /vehicle endpoints. You can use any of our backend SDKs below to set up the service starting from the Obtainting an Access Token step.

When setting up the environment variables for your backend SDK, make sure to set REDIRECT_URI to the custom scheme used for this turotiral i.e. sc + "clientId" + ://exchange.