REST API v5 Tutorial (deprecated)

The REST Auto API lets you work with car data on any platform. This tutorial will help you get started and show you how to work with it. By following the steps you will be receiving odometer data from the car simulator.

Create a Cloud App
Create a Vehicle
Get API Config
Create a JWT
Link Vehicle and Retrieve Access Token
Send a Request

Endpoint URL
Note that the REST API base URL is https://sandbox.rest-api.high-mobility.com/v5 when working with the car emulators and https://rest-api.high-mobility.com/v5 for live vehicle data.
When you use the configuration snippets from the platform as shown in this tutorial, you will always be using the right URL automatically.

Create a Cloud App

In "Develop mode" you will find your sandbox apps. In the app details page you are going to set the permissions it requires, manage devices and link virtual vehicles from your garage to test. Let's see how to create a new app.

Go to the Build tab, select "Develop mode" and click the big plus (+) button, select "Fleet" or "Driver" as the type and then select "Cloud App".
In the left section, select the permissions that your app needs under the "Permissions" tap.
Note: Each permission must be manually added to each new app.
You can edit your app name and image from the menu icon next to the app name.

Create a Vehicle

In the "Simulation studio" you are able to create vehicles to link with your app and to test with the simulators. Go to the simulation studio and click the big plus (+) button.

Get API Config

The first thing your app code needs to do is to provide credentials to the server. This is done through JWT and we will provide an example in this tutorial for JavaScript.

Go to the Build tab, and select the app you created in the previous steps.
Choose "Client certificate" in the left section and then the "REST" tab.
Copy the JSON snippet.
Insert the snippet into into your project and assign it to a variable.

The config variable will look something like this:

const REST_API_CONFIG = {
  version: '3.0',
  type: 'rest_api',
  private_key_id: 'fdfa4bf6-328b-4c82-b6e0-833688690acb',
  private_key: `-----BEGIN EC PRIVATE KEY-----
MHYCAQEEIOWpew43ebg4jS0vAaXGFjBFmpZRb2f8KIampd2Emi25oAoGCCqGSM49
AwEHoUMDQQCE8W3k3aprpBxZ3QBlW+WdteJc+UgeIyqY/UOOAcR4qanZKj6CBHa3
8Wl60x6ql2IESr8F3ZXRnVIami0VC7mY
-----END EC PRIVATE KEY-----`,
  app_uri: 'https://sandbox.rest-api.high-mobility.com/v5',
  client_serial_number: '0DF5997A3A2E151C7B'
}

Here's an overview of the steps:

Include the key-pair information in your back-end system. You can use your preferred JWT library.
Create an JWT Token per example below.
The second step has to be done for all endpoints, e.g. getting the diagnostics state.

Create a JWT

The JWT should be signed using the ES256 algorithm and must contain the following claims:

ver	The version of the API, taken from the version field in the config
aud	The API URI, taken from the app_uri field in the config
iss	A unique serial number, taken from the client_serial_number field in the config
iat	The current datetime, formatted in the Unix timestamp format. This is used to minimize the possibilities of a replay attack, so that a JWT created in the past cannot be reused. Currently a tolerance of 30 seconds is used to account for any clock skew between our servers and the back end servers, but it can be changed, probably shortened in the future. Example value: 1502121268
jti	An unique identifier in the UUID format of the JWT itself to ensure a JWT can be used only once.
sub	The access token specific to the car, the retrieal of which is done through OAuth2 or the Service Account API for fleet vehicles

Link Vehicle and Retrieve Access Token

Now to use the REST API you will need to retrieve an Access Token for the simulator. The technical process differs from fleet apps and apps that are built for individual vehicles owners, drivers.

Follow the Fleet Clearance tutorial steps for fleet vehicles. You can get the VIN of the simulator from its log console.
To perform a driver consent, implement the OAuth2 API and initiate the consent flow. Here's an article for doing this using Postman.

Send a Request

Once the simulator is open, fire away a request. For example to get the diagnostics state of the vehicle.

If you see that the app lacks permissions, you will need to revisit step two of the "Create an App" section of this document and select the appropriate permissions for your telematics command.

Auto API
Check out the Auto API OpenAPI Specification for all details.

const request = require('request')

request.get({
  url: REST_API_CONFIG.app_uri + '/diagnostics',
  headers: {
    Authorization: 'Bearer ' + jwtToken
  }
}, (error, response, body) => {
  console.log('error:', error)
  console.log('statusCode:', response && response.statusCode)
  console.log('body:', body)
})