# OAuth2 The OAuth2 API provides you an interface to create access tokens. The raw Swagger specification is available at ## Creates and renews AccessTokens > This API implements rfc7009, rfc7636 and rfc6749 ```json {"openapi":"3.0.3","info":{"title":"OAuth2 API","version":"1.0"},"tags":[{"name":"OAuth2","description":"The OAuth2 API provides you an interface to create access tokens.\nThe raw Swagger specification is available at https://github.com/highmobility/open-api-specifications/blob/main/hm-oauth-rest-v1.yml"}],"servers":[{"url":"https://api.high-mobility.com"},{"url":"https://sandbox.api.high-mobility.com"}],"paths":{"/v1/access_tokens":{"post":{"tags":["OAuth2"],"summary":"Creates and renews AccessTokens","description":"This API implements rfc7009, rfc7636 and rfc6749","responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokensReponse"}}},"description":"Success"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokensError"}}},"description":"Error"},"500":{"description":"Server Errors"}},"requestBody":{"description":"OAuth request payload","required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokensRequest"}}}}}}},"components":{"schemas":{"AccessTokensReponse":{"type":"object","title":"AccessTokensReponse","required":["expires_in","access_token","token_type"],"properties":{"validity_start_date":{"type":"string","description":"Date and Time in ISO8601 format example: '2018-11-06T10:20:37.094533Z'"},"validity_end_date":{"type":"string","description":"Date and Time in ISO8601 format example: '2018-11-06T10:20:37.094533Z'"},"token_type":{"type":"string","description":"Token type"},"scope":{"type":"string","description":"List of scopes"},"refresh_token":{"type":"string","description":"Refresh token should be used after the access token is expired to fetch a new access token"},"expires_in":{"type":"integer","description":"Expiration time in seconds"},"authorization_id":{"type":"string","description":"Authorization Id could be used later on in authorization_changed Webhook"},"access_token":{"type":"string","description":"Access token"},"status":{"type":"string","description":"In BMW and MINI case, the status is pending until the car owner grants access in BMW ConnectedDrive Portal","enum":["pending","approved"]}},"description":"Access Tokens"},"AccessTokensError":{"type":"object","title":"AccessTokensError","required":["error"],"properties":{"error_description":{"type":"string","description":"Error description"},"error":{"type":"string","description":"Error code"}},"description":"Error details"},"AccessTokensRequest":{"type":"object","properties":{"grant_type":{"type":"string","enum":["authorization_code","refresh_token","client_credentials"],"description":"Grant Type."},"code":{"type":"string","description":"Authorization code that the client previously received from the authorization server. Required when grant_type is authorization_code."},"redirect_uri":{"type":"string","description":"The redirect URI in the token request must be an exact match of the redirect URI that was used when generating the authorization code. Required for when grant_type is authorization_code."},"refresh_token":{"type":"string","description":"Refresh token that the client previously received from the authorization server. Required when grant_type is refresh_token."},"client_id":{"type":"string","description":"Client ID used for authentication."},"client_secret":{"type":"string","description":"Client Secret used for authentication, only used in Server-Side Apps"},"code_verifier":{"type":"string","description":"Code verifier(PKCE), only used in Mobile and Native Apps"},"client_assertion":{"description":"Only used with the combination of client_credentials grant_type and client_assertion_type","type":"string"},"client_assertion_type":{"description":"Only used with the combination of client_credentials grant_type and client_assertion","type":"string","enum":["urn:ietf:params:oauth:client-assertion-type:jwt-bearer"]}},"required":["grant_type","client_id"]}}}} ``` ## Revokes AccessTokens > This API implements rfc7009 ```json {"openapi":"3.0.3","info":{"title":"OAuth2 API","version":"1.0"},"tags":[{"name":"OAuth2","description":"The OAuth2 API provides you an interface to create access tokens.\nThe raw Swagger specification is available at https://github.com/highmobility/open-api-specifications/blob/main/hm-oauth-rest-v1.yml"}],"servers":[{"url":"https://api.high-mobility.com"},{"url":"https://sandbox.api.high-mobility.com"}],"paths":{"/v1/access_tokens":{"delete":{"tags":["OAuth2"],"summary":"Revokes AccessTokens","description":"This API implements rfc7009","responses":{"200":{"description":"Success"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokensError"}}},"description":"Error"},"503":{"description":"Server Errors"}},"requestBody":{"description":"OAuth delete payload","required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokensRevoke"}}}}}}},"components":{"schemas":{"AccessTokensError":{"type":"object","title":"AccessTokensError","required":["error"],"properties":{"error_description":{"type":"string","description":"Error description"},"error":{"type":"string","description":"Error code"}},"description":"Error details"},"AccessTokensRevoke":{"type":"object","properties":{"token":{"type":"string","description":"Access Token or Refresh Token that will be used in the revocation."},"client_id":{"type":"string","description":"Client ID used for authentication."},"client_secret":{"type":"string","description":"Client Secret used for authentication, only used in Server-Side Apps"},"token_type_hint":{"type":"string","enum":["refresh_token","access_token"],"description":"Token hint used to identify which type of token is inside the token property."}},"required":["client_id","client_secret","token"]}}}} ``` ## Checks AccessTokens vehicleinfo > Returns vehicleinfo associated with access token ```json {"openapi":"3.0.3","info":{"title":"OAuth2 API","version":"1.0"},"tags":[{"name":"OAuth2","description":"The OAuth2 API provides you an interface to create access tokens.\nThe raw Swagger specification is available at https://github.com/highmobility/open-api-specifications/blob/main/hm-oauth-rest-v1.yml"}],"servers":[{"url":"https://api.high-mobility.com"},{"url":"https://sandbox.api.high-mobility.com"}],"paths":{"/v1/vehicleinfo":{"get":{"tags":["OAuth2"],"parameters":[{"in":"header","name":"Authorization","required":true,"schema":{"type":"string","format":"uuid"},"description":"Bearer token"}],"summary":"Checks AccessTokens vehicleinfo","description":"Returns vehicleinfo associated with access token","responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/VehicleInfoResponse"}}},"description":"Success"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/VehicleInfoError"}}},"description":"Error"},"500":{"description":"Server Errors"}}}}},"components":{"schemas":{"VehicleInfoResponse":{"type":"object","title":"VehicleInfoResponse","required":["vin","sub"],"properties":{"vin":{"type":"string","description":"VIN associated with the access token"},"sub":{"type":"string","description":"sub associated with the access token"}},"description":"Vehicle Info"},"VehicleInfoError":{"type":"object","title":"VehicleInfoError","required":["error"],"properties":{"error_description":{"type":"string","description":"Error description"},"error":{"type":"string","description":"Error code"}},"description":"Error details"}}}} ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.high-mobility.com/api-references/auth/oauth2.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.