OAuth2

The OAuth2 API gives you an interface for creating access tokens. The raw Swagger specification is available at https://github.com/highmobility/open-api-specifications/blob/main/hm-oauth-rest-v1.yml

Creates and renews AccessTokens

post
/v1/access_tokens

This API implements RFC 7009, RFC 7636 and RFC 6749.

Body
grant_type · string · enum · Required

Grant Type.

Possible values:
code · string · Optional

Authorization code that the client previously received from the authorization server. Required when grant_type is authorization_code.

redirect_uri · string · Optional

The redirect URI in the token request must be an exact match of the redirect URI that was used when generating the authorization code. Required when grant_type is authorization_code.

refresh_token · string · Optional

Refresh token that the client previously received from the authorization server. Required when grant_type is refresh_token.

client_id · string · Required

Client ID used for authentication.

client_secret · string · Optional

Client Secret used for authentication. Only used in Server-Side Apps.

code_verifier · string · Optional

Code verifier (PKCE). Only used in Mobile and Native Apps.

client_assertion · string · Optional

Only used in combination with the client_credentials grant_type and client_assertion_type.

client_assertion_type · string · enum · Optional

Only used in combination with the client_credentials grant_type and client_assertion.

Possible values:
Responses
200

Success

application/json

Access Tokens

validity_start_date · string · Optional

Date and time in ISO 8601 format, for example '2018-11-06T10:20:37.094533Z'.

validity_end_date · string · Optional

Date and time in ISO 8601 format, for example '2018-11-06T10:20:37.094533Z'.

token_type · string · Required

Token type

scope · string · Optional

List of scopes

refresh_token · string · Optional

Refresh token. Use it to fetch a new access token after the current access token has expired.

expires_in · integer · Required

Expiration time in seconds

authorization_id · string · Optional

The authorization ID can be used later on in the authorization_changed webhook.

access_token · string · Required

Access token

status · string · enum · Optional

For BMW and MINI, the status is pending until the car owner grants access in the BMW ConnectedDrive Portal.

Possible values:

Revokes AccessTokens

delete
/v1/access_tokens

This API implements RFC 7009.

Body
token · string · Required

Access Token or Refresh Token that will be used in the revocation.

client_id · string · Required

Client ID used for authentication.

client_secret · string · Required

Client Secret used for authentication. Only used in Server-Side Apps.

token_type_hint · string · enum · Optional

Token hint used to identify which type of token is inside the token property.

Possible values:
Responses
200

Success

No content


Checks AccessTokens vehicleinfo

get
/v1/vehicleinfo

Returns vehicleinfo associated with access token

Header parameters
Authorization · string · uuid · Required

Bearer token

Responses
200

Success

application/json

Vehicle Info

vin · string · Required

VIN associated with the access token

sub · string · Required

sub associated with the access token
