REST Auto API Tutorial

The REST Auto API lets you work with car data on any platform. This tutorial will help you get started and show you how to work with it.

Requirements

The only requirement is that you have a library at hand to create a JWT Token for authentication purposes.

Create an App

In the Develop tab you will find your apps. In the app details page you are going to set the permissions it requires, manage devices and link virtual vehicles from your garage to test. Let's see how to create a new app.

  1. Go to the Develop tab, click the big plus (+) button and select Cloud App. Enter a name and continue.
  2. In the left section, select the permissions that your app needs under the "Permissions" tap. You may need to toggle "Show all permissions" to see hidden permissions. For the purporses of this tutorial, you will need to select the "Diagnostics" capability and then select "Mileage" before pressing "save".
    Note: Each permission must now manually be added to each new app.
  3. You can edit your app name and image from the menu icon next to the app name.

Create a Vehicle

In the carmaker workspaces you will be able to create vehicles or other items to link with your app and to test with the emulators.

  1. Go to a carmaker workspace, click the big plus (+) button and select one vehicle to start. Enter a name and continue.
  2. You will find the vehicle capabilities listed to the left.
  3. If you click on the "Launch emulator" button you will see how it looks like. Next we will need to link an app with the vehicle.

Get API Config

The first thing your app code needs to do is to provide credentials to the server. This is done through JWT and we will provide an example in this Tutorial for JavaScript.

  1. Go to the Apps tab, and select the app you created in the previous steps.
  2. Choose "Client certificate" in the left section and then the "REST" tab.
  3. Copy the JSON snippet.
  4. Insert the snippet into into your project and assign it to a variable.

The config variable will look something like this:

const REST_API_CONFIG = {
  version: '1.0',
  type: 'rest_api',
  private_key_id: 'fdfa4bf6-328b-4c82-b6e0-833688690acb',
  private_key: `-----BEGIN EC PRIVATE KEY-----
MHYCAQEEIOWpew43ebg4jS0vAaXGFjBFmpZRb2f8KIampd2Emi25oAoGCCqGSM49
AwEHoUMDQQCE8W3k3aprpBxZ3QBlW+WdteJc+UgeIyqY/UOOAcR4qanZKj6CBHa3
8Wl60x6ql2IESr8F3ZXRnVIami0VC7mY
-----END EC PRIVATE KEY-----`,
  app_id: 'B7DC46627768907681308743',
  app_uri: 'https://sandbox.rest-api.high-mobility.com/v4'
}

Here's an overview of the steps:

  1. Include the key-pair information in your back-end system. You can use your preferred JWT library.
  2. Create an JWT Token per example below.
  3. The second step has to be done for all endpoints, e.g. getting the diagnostics state.

Create a JWT

The JWT should be signed using the ES256 algorithm and must contain the following claims:

api_versionThe version of the API, taken from the version in the config
app_idThe application identifier, taken from the app_id in the config
audThe API URI, taken from the app_uri in the config
issThe UUID of the API key
iatThe current datetime, formatted in the Unix timestamp format. This is used to minimize the possibilities of a replay attack, so that a JWT created in the past cannot be reused. Currently a tolerance of 30 seconds is used to account for any clock skew between our servers and the back end servers, but it can be changed, probably shortened in the future. Example value: 1502121268
jtiAn unique identifier in the UUID format of the JWT itself to ensure a JWT can be used only once.
access_tokenThe access token specific to the car, the retrieal of which is done per the next step or by OAuth2

Send a Request

Once the emulator is open, fire away a request. For example to get the diagnostics state of the vehicle. Note that you will get a "Vehicle Asleep" error returned if the emulator is closed.

If you see that the app lacks permissions, you will need to revisit step two of the "Create an App" section of this document and select the appropriate permissions for your telematics command.

Auto API

Check out the Auto API OpenAPI Specification for all details.

const request = require('request')

request.get({
  url: REST_API_CONFIG.app_uri + '/diagnostics',
  headers: {
    Authorization: 'Bearer ' + jwtToken
  }
}, (error, response, body) => {
  console.log('error:', error)
  console.log('statusCode:', response && response.statusCode)
  console.log('body:', body)
})