REST Auto API Tutorial

The REST Auto API lets you work with car data on any platform. This tutorial will help you get started and show you how to work with it.

Create an App
Create a Vehicle
Get API Config
Create a JWT
Link Vehicle and Authorise Device
Send a Request

Requirements
The only requirement is that you have a library at hand to create a JWT Token for authentication purposes.

Create an App

In the Develop tab you will find your apps. In the app details page you are going to set the permissions it requires, manage devices and link virtual vehicles from your garage to test. Let's see how to create a new app.

Go to the Develop tab, click the big plus (+) button and select Cloud App. Enter a name and continue.
In the left section, select the permissions that your app needs under the "Permissions" tap. You may need to toggle "Show all permissions" to see hidden permissions. For the purporses of this tutorial, you will need to select the "Diagnostics" capability and then select "Mileage" before pressing "save".
Note: Each permission must now manually be added to each new app.
You can edit your app name and image from the menu icon next to the app name.

Create a Vehicle

In the carmaker workspaces you will be able to create vehicles or other items to link with your app and to test with the emulators.

Go to a carmaker workspace, click the big plus (+) button and select one vehicle to start. Enter a name and continue.
You will find the vehicle capabilities listed to the left.
If you click on the "Launch emulator" button you will see how it looks like. Next we will need to link an app with the vehicle.

Get API Config

The first thing your app code needs to do is to provide credentials to the server. This is done through JWT and we will provide an example in this Tutorial for JavaScript.

Go to the Apps tab, and select the app you created in the previous steps.
Choose "Client certificate" in the left section and then the "REST" tab.
Copy the JSON snippet.
Insert the snippet into into your project and assign it to a variable.

The config variable will look something like this:

const REST_API_CONFIG = {
  version: '1.0',
  type: 'rest_api',
  private_key_id: 'fdfa4bf6-328b-4c82-b6e0-833688690acb',
  private_key: `-----BEGIN EC PRIVATE KEY-----
MHYCAQEEIOWpew43ebg4jS0vAaXGFjBFmpZRb2f8KIampd2Emi25oAoGCCqGSM49
AwEHoUMDQQCE8W3k3aprpBxZ3QBlW+WdteJc+UgeIyqY/UOOAcR4qanZKj6CBHa3
8Wl60x6ql2IESr8F3ZXRnVIami0VC7mY
-----END EC PRIVATE KEY-----`,
  app_id: 'B7DC46627768907681308743',
  app_uri: 'https://sandbox.rest-api.high-mobility.com/v4'
}

Here's an overview of the steps:

Include the key-pair information in your back-end system. You can use your preferred JWT library.
Create an JWT Token per example below.
The second step has to be done for all endpoints, e.g. getting the diagnostics state.

Create a JWT

The JWT should be signed using the ES256 algorithm and must contain the following claims:

api_version	The version of the API, taken from the version in the config
app_id	The application identifier, taken from the app_id in the config
aud	The API URI, taken from the app_uri in the config
iss	The UUID of the API key
iat	The current datetime, formatted in the Unix timestamp format. This is used to minimize the possibilities of a replay attack, so that a JWT created in the past cannot be reused. Currently a tolerance of 30 seconds is used to account for any clock skew between our servers and the back end servers, but it can be changed, probably shortened in the future. Example value: 1502121268
jti	An unique identifier in the UUID format of the JWT itself to ensure a JWT can be used only once.
access_token	The access token specific to the car, the retrieal of which is done per the next step or by OAuth2

Link Vehicle and Authorise Device

Now you just need to link the vehicle with the app in order to work with it in the emulator. Follow the next steps:

Go back to your app details page in the Apps tab and click on the "Create link" button on the right side.
Choose the vehicle you just created and link it to your app. The vehicle will be added to linked vehicles list but you will see an alert icon between the app and the vehicle. That means that your app has yet not been authorised.
Click on the alert icon and you will see an Access Token snippet that is unique to this link. Copy it.
Insert the snippet into your project code use it in combination with your app config to create a JWT Token.
Click on the vehicle to launch the emulator. This time you can start using your app to interact with the vehicle's APIs.

Production mode
In order to get an Access Token for a production app, either the OAuth2 consent flow or the Fleet Clearance documentation should be followed.

The code snippet in your project should look something like this:

const jwt = require('jsonwebtoken')
const uuid4 = require('uuid4')

const payload = {
  api_version: REST_API_CONFIG.version,
  app_id: REST_API_CONFIG.app_id,
  aud: REST_API_CONFIG.app_uri,
  iat: Math.round(Date.now() / 1000),
  jti: uuid4(),
  access_token: 'b55af95a-607c-47e8-ad37-5016a8beda61',
}

const privateKey = Buffer.from(REST_API_CONFIG.private_key, 'utf8')
const jwtToken = jwt.sign(payload, privateKey, { algorithm: 'ES256' })

Send a Request

Once the emulator is open, fire away a request. For example to get the diagnostics state of the vehicle. Note that you will get a "Vehicle Asleep" error returned if the emulator is closed.

If you see that the app lacks permissions, you will need to revisit step two of the "Create an App" section of this document and select the appropriate permissions for your telematics command.

Auto API
Check out the Auto API OpenAPI Specification for all details.

const request = require('request')

request.get({
  url: REST_API_CONFIG.app_uri + '/diagnostics',
  headers: {
    Authorization: 'Bearer ' + jwtToken
  }
}, (error, response, body) => {
  console.log('error:', error)
  console.log('statusCode:', response && response.statusCode)
  console.log('body:', body)
})

REST Auto API Tutorial

Table of Contents

Requirements