{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}
To interact with the Smartcar API, you will need to exchange your authorization code for an access token. The authorization code represents a user’s consent, but cannot be used to make requests to a vehicle. Instead, it must be exchanged for an access token. An example request is provided to the right.

Request

Headers
Authorization
string
required
HTTP Basic Auth header containing the client_id and client_secret. The header is formed by concatenating the word “Basic”, a space, and a base64-encoded string consisting of the client_id, a colon :, and the client_secret.
Content-Type
string
required
Must be set to application/x-www-form-urlencoded, matching the format of the request body.
User-Agent
string
required
A valid HTTP User Agent value.
Body
code
required
The authorization code received in the handle response step.
grant_type
required
This value must be set to authorization_code
redirect_uri
required
The redirect_uri provided in the redirect to Connect step. This value is checked to match the URI sent when the user was directed to Connect.
If you launch Connect from a single-page or mobile application, redirect_uri must match the URI passed in your Connect URL, not the redirect for your backend.

Response

access_token
A string representing an access token used to make requests to the Smartcar API.
expires_in
The number of seconds the access token is valid for. This is always set to 7200 (2 hours)
refresh_token
A string representing a refresh token, which is used to renew access when the current access token expires. The refresh token expires after 60 days.
token_type
Always set to Bearer.
{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}