Getting Verified for Production
Here is a guide to the steps necessary to take an app from development into production. This will allow you to switch from accessing data from the car emulators to accessing car data from BMW, MINI and Mercedes-Benz vehicles.
Development vs. Production
Because they connect to real cars, apps created in the Production tab only have access to live APIs.
Please note that though the APIs in the emulators respond instantly to changes in vehicle state, vehicle data is sometimes updated more sporadically. For instance, a vehicle might send data each time its doors are locked or unlocked – but not during a trip. In any case, HIGH MOBILITY’s APIs always provide the latest vehicle data available from the manufacturer. For more information, please see the relevant page for each car manufacturer:
Submitting an App for Production
Once an application has been tested in the development section with the car emulators, you are ready to move into production.
The first steps to create an application are the same in Production as they are in Development: create an app and then select the desired permissions.
After selecting the desired permissions, you will be shown the pricing for each individual car manufacturer, along with any rate limitations.
Once an app has been submitted for production, we will review it, and confirm that it conforms to guidelines provided by the car manufacturers. This process usually takes one day.
Changing OAuth Credentials
As soon as a production app is created — even when it is a draft — new OAuth2 credentials are listed on the page. You should use these new credentials before submitting the app. We can then test the application using our "verification emulator" if necessary. Once the app has been approved, the credentials will be released for the production environment and will be ready to be used with vehicles.
Note: The car owner must grant access to your application before any data can be retrieved. This process is detailed in our blog post, User Consent and the Authorisation Process.
In order for a car owner to complete the consent flow, the following should be observed:
- The vehicle has to be located in Europe.
- The vehicle model has to be eligible (please review the requirements for BMW, MINI and Mercedes-Benz).
- The user must have an active BMW ConnectedDrive or Mercedes me subscription.
- In the consent flow, the user will be asked to enter the VIN (Vehicle Identification Number), and log in to their BMW ConnectedDrive or Mercedes me account.
Though there are subtle differences between the flow depending on the car manufacturer, our platform ensures that the differences are transparent. Here are the main steps in the authorisation flow:
- Your application redirects the user to our platform using the Auth URI.
- The user follows the authorization sequence, approving requested permissions and verifying car ownership with the carmaker.
- User is redirected to your application's redirect_uri with an authorization code.
- Your application exchanges the authorization code for an access token, which is used to call the REST API or initiate one of the HMKit SDKs.
With the access token, it is possible to get the latest data from the user’s vehicle.
For a detailed walkthrough of the OAuth2 sequence, head over to the OAuth2 Tutorial page.
The price of data access varies according to both permissions selected and car manufacturer. A provisional total is presented while selecting permissions for the app, and a final checkout summary is presented at the end of the billing month according to the number of API calls.
If you have any questions, please head to our Support page.