# OAuth2

The OAuth2 API provides an interface to create, renew and revoke access tokens, and to look up the vehicle information associated with an access token. The raw Swagger specification is available at <https://github.com/highmobility/open-api-specifications/blob/main/hm-oauth-rest-v1.yml>.

## Creates and renews AccessTokens

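> This API implements RFC 7009 (token revocation), RFC 7636 (PKCE) and RFC 6749 (the OAuth 2.0 authorization framework). Per the request schema below, `client_secret` is only used by server-side apps, while the PKCE `code_verifier` is only used by mobile and native apps.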

```json
{"openapi":"3.0.3","info":{"title":"OAuth2 API","version":"1.0"},"tags":[{"name":"OAuth2","description":"The OAuth2 API provides you an interface to create access tokens.\nThe raw Swagger specification is available at https://github.com/highmobility/open-api-specifications/blob/main/hm-oauth-rest-v1.yml"}],"servers":[{"url":"https://api.high-mobility.com"},{"url":"https://sandbox.api.high-mobility.com"}],"paths":{"/v1/access_tokens":{"post":{"tags":["OAuth2"],"summary":"Creates and renews AccessTokens","description":"This API implements rfc7009, rfc7636 and rfc6749","responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokensReponse"}}},"description":"Success"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokensError"}}},"description":"Error"},"500":{"description":"Server Errors"}},"requestBody":{"description":"OAuth request payload","required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokensRequest"}}}}}}},"components":{"schemas":{"AccessTokensReponse":{"type":"object","title":"AccessTokensReponse","required":["expires_in","access_token","token_type"],"properties":{"validity_start_date":{"type":"string","description":"Date and Time in ISO8601 format example: '2018-11-06T10:20:37.094533Z'"},"validity_end_date":{"type":"string","description":"Date and Time in ISO8601 format example: '2018-11-06T10:20:37.094533Z'"},"token_type":{"type":"string","description":"Token type"},"scope":{"type":"string","description":"List of scopes"},"refresh_token":{"type":"string","description":"Refresh token should be used after the access token is expired to fetch a new access token"},"expires_in":{"type":"integer","description":"Expiration time in seconds"},"authorization_id":{"type":"string","description":"Authorization Id could be used later on in authorization_changed Webhook"},"access_token":{"type":"string","description":"Access token"},"status":{"type":"string","description":"In BMW and MINI case, the status is pending until the car owner grants access in BMW ConnectedDrive Portal","enum":["pending","approved"]}},"description":"Access Tokens"},"AccessTokensError":{"type":"object","title":"AccessTokensError","required":["error"],"properties":{"error_description":{"type":"string","description":"Error description"},"error":{"type":"string","description":"Error code"}},"description":"Error details"},"AccessTokensRequest":{"type":"object","properties":{"grant_type":{"type":"string","enum":["authorization_code","refresh_token","client_credentials"],"description":"Grant Type."},"code":{"type":"string","description":"Authorization code that the client previously received from the authorization server. Required when grant_type is authorization_code."},"redirect_uri":{"type":"string","description":"The redirect URI in the token request must be an exact match of the redirect URI that was used when generating the authorization code. Required when grant_type is authorization_code."},"refresh_token":{"type":"string","description":"Refresh token that the client previously received from the authorization server. Required when grant_type is refresh_token."},"client_id":{"type":"string","description":"Client ID used for authentication."},"client_secret":{"type":"string","description":"Client Secret used for authentication, only used in Server-Side Apps"},"code_verifier":{"type":"string","description":"Code verifier(PKCE), only used in Mobile and Native Apps"},"client_assertion":{"description":"Only used with the combination of client_credentials grant_type and client_assertion_type","type":"string"},"client_assertion_type":{"description":"Only used with the combination of client_credentials grant_type and client_assertion","type":"string","enum":["urn:ietf:params:oauth:client-assertion-type:jwt-bearer"]}},"required":["grant_type","client_id"]}}}}
```

## Revokes AccessTokens

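> This API implements RFC 7009 (OAuth 2.0 token revocation). The request must include `client_id`, `client_secret` and the `token` to revoke, which may be either an access token or a refresh token; `token_type_hint` is optional.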

```json
{"openapi":"3.0.3","info":{"title":"OAuth2 API","version":"1.0"},"tags":[{"name":"OAuth2","description":"The OAuth2 API provides you an interface to create access tokens.\nThe raw Swagger specification is available at https://github.com/highmobility/open-api-specifications/blob/main/hm-oauth-rest-v1.yml"}],"servers":[{"url":"https://api.high-mobility.com"},{"url":"https://sandbox.api.high-mobility.com"}],"paths":{"/v1/access_tokens":{"delete":{"tags":["OAuth2"],"summary":"Revokes AccessTokens","description":"This API implements rfc7009","responses":{"200":{"description":"Success"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokensError"}}},"description":"Error"},"503":{"description":"Server Errors"}},"requestBody":{"description":"OAuth delete payload","required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokensRevoke"}}}}}}},"components":{"schemas":{"AccessTokensError":{"type":"object","title":"AccessTokensError","required":["error"],"properties":{"error_description":{"type":"string","description":"Error description"},"error":{"type":"string","description":"Error code"}},"description":"Error details"},"AccessTokensRevoke":{"type":"object","properties":{"token":{"type":"string","description":"Access Token or Refresh Token that will be used in the revocation."},"client_id":{"type":"string","description":"Client ID used for authentication."},"client_secret":{"type":"string","description":"Client Secret used for authentication, only used in Server-Side Apps"},"token_type_hint":{"type":"string","enum":["refresh_token","access_token"],"description":"Token hint used to identify which type of token is inside the token property."}},"required":["client_id","client_secret","token"]}}}}
```

## Checks AccessTokens vehicleinfo

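> Returns the vehicle information (`vin` and `sub`) associated with the access token, which is passed as a Bearer token in the `Authorization` header.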

```json
{"openapi":"3.0.3","info":{"title":"OAuth2 API","version":"1.0"},"tags":[{"name":"OAuth2","description":"The OAuth2 API provides you an interface to create access tokens.\nThe raw Swagger specification is available at https://github.com/highmobility/open-api-specifications/blob/main/hm-oauth-rest-v1.yml"}],"servers":[{"url":"https://api.high-mobility.com"},{"url":"https://sandbox.api.high-mobility.com"}],"paths":{"/v1/vehicleinfo":{"get":{"tags":["OAuth2"],"parameters":[{"in":"header","name":"Authorization","required":true,"schema":{"type":"string","format":"uuid"},"description":"Bearer token"}],"summary":"Checks AccessTokens vehicleinfo","description":"Returns vehicleinfo associated with access token","responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/VehicleInfoResponse"}}},"description":"Success"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/VehicleInfoError"}}},"description":"Error"},"500":{"description":"Server Errors"}}}}},"components":{"schemas":{"VehicleInfoResponse":{"type":"object","title":"VehicleInfoResponse","required":["vin","sub"],"properties":{"vin":{"type":"string","description":"VIN associated with the access token"},"sub":{"type":"string","description":"sub associated with the access token"}},"description":"Vehicle Info"},"VehicleInfoError":{"type":"object","title":"VehicleInfoError","required":["error"],"properties":{"error_description":{"type":"string","description":"Error description"},"error":{"type":"string","description":"Error code"}},"description":"Error details"}}}}
```
