Skip to main content
When requesting permissions, it’s crucial to only ask for the data that is absolutely necessary for your application’s functionality. Avoid collecting additional permissions “just in case” you might need them later. This practice not only protects vehicle owners’ privacy but also increases the likelihood of users granting consent during the Connect flow. Users are more likely to trust and authorize applications that clearly demonstrate respect for their privacy by requesting minimal, purposeful access to their vehicle data.

Vehicle Access

Smartcar’s Vehicle Access configuration page (Dashboard → Configuration → Vehicle Access) lets you select the vehicle data (signals) and commands without needing to know which individual permission is needed for a given signal. Based on the signals you choose, Smartcar automatically determines the minimum set of OAuth permissions required and surfaces them during the Connect flow.
Signals vs Permissions: Permissions (e.g. read_location, control_security) are OAuth scopes requested from the user. Signals are the granular data points (e.g. state of charge, tire pressure) defined in the Signal Schema. Vehicle Access starts from signals and derives the needed permissions for you.

Why use Vehicle Access?

  • Enforces least-privilege automatically
  • Reduces guesswork mapping data needs to permissions
  • Prevents over-requesting and improves user trust
  • Keeps configuration centralized in the Dashboard

How it works

  1. You open the Vehicle Access page in the Dashboard.
  2. You search or browse for the signals you need (see the Signal Schema for structure and definitions).
  3. Smartcar instantly computes the required permissions for those signals.
  4. You save the configuration; the derived permissions are locked in for subsequent Connect authorizations.
  5. During Connect, Smartcar presents only those permissions—no need to manually maintain a scope list.
Updating Vehicle Access changes the permissions requested in future Connect authorizations. Existing vehicle connections retain their previously granted scopes until the user re-authenticates.
Passing the scope parameter in the Connect URL overrides the permissions derived from Vehicle Access for that authorization. This allows you to request different permissions for specific Connect flows without changing your overall Vehicle Access configuration.

Example

Selecting signals for battery state of charge, charging status, and odometer will automatically derive permissions such as read_battery, read_charge, and `read_odometer. You don’t need to add those manually.

Required Permissions

Effective June 16th, 2026. The behavior described in this section takes effect on June 16th, 2026.
Every permission you request appears on the Connect grant screen as a checkbox. You control whether the vehicle owner can uncheck it.
  • Required permissions appear checked and locked. The owner cannot uncheck them.
  • Optional permissions appear checked by default. The owner can uncheck them before connecting.
At least one permission must remain selected for the owner to complete the connection. You can set this per signal in the Dashboard under Configuration → Vehicle Access using the Required toggle, or per Connect flow by adding the required: prefix to a permission in the scope parameter (e.g. required:read_odometer).
Smartcar Dashboard Vehicle Access tab with the Required toggle on for External Temperature and off for Internal Temperature.
Marking a permission as required signals that your application needs it. It does not guarantee the vehicle supports it. If a connected vehicle does not support a permission, calls to that endpoint return a VEHICLE_NOT_CAPABLE error. To restrict which vehicles can connect by powertrain type, use Connection Filters.

Read Permissions

Permissions prefixed with read_ allow your application to get data from a vehicle as part of GET requests.
read_alertsRead alerts from the vehicle
read_batteryRead an EV’s high voltage battery data
read_chargeRead charging data
read_charge_locationsAccess previous charging locations and their associated charging configurations
read_charge_recordsRead charge records and associated billing information
read_charge_eventsReceive notifications for events associated with charging
read_climateRead the status and settings of the vehicle’s climate control system
read_compassRead the compass direction the vehicle is facing
read_diagnosticsRead a vehicle’s system status and/or Diagnostic Trouble Codes
read_engine_oilRead vehicle engine oil health
read_extended_vehicle_infoRead vehicle configuration information from a vehicle
read_fuelRead fuel tank level
read_locationAccess the vehicle’s location
read_odometerRetrieve total distance traveled
read_securityRead the lock status of doors, windows, charging port, etc.
read_service_historyRead a vehicle’s dealer service history
read_speedometerRead a vehicle’s speed
read_thermometerRead temperatures from inside and outside the vehicle
read_tiresRead a vehicle’s tire status
read_user_profileRead the information associated with a user’s connected services account profile such as their email and phone number.
read_vehicle_infoKnow make, model, and year
read_vinRead VIN

Control Permissions

Permissions prefixed with control_ allow your application to issue commands or apply settings to a vehicle as part of POST or PUT requests.
control_chargeControl a vehicle’s charge state
control_climateSet the status and settings of the vehicle’s climate control system
control_navigationSend commands to the vehicle’s navigation system
control_securityLock or unlock the vehicle
control_pinModify a PIN and enable the PIN to Drive feature for the vehicle.
control_trunkOpen a vehicle’s trunk or frunk