Refreshing Refresh Tokens

  curl https://auth.smartcar.com/oauth/token \
    -X POST \
    -H 'Authorization: Basic base64({client_id}:{client_secret})' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d 'grant_type=refresh_token&refresh_token=3e565aed-d4b2-4296-9b4c-aec35825a6aa'

{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}

  curl https://auth.smartcar.com/oauth/token \
    -X POST \
    -H 'Authorization: Basic base64({client_id}:{client_secret})' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d 'grant_type=refresh_token&refresh_token=3e565aed-d4b2-4296-9b4c-aec35825a6aa'

{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}

Depending on your application logic, there may be cases where you don’t end up fetching a fresh access token for more than 60 days. If this is the case, you should fetch a new token pair before the 60 days are up so the user doesn’t need to go through Connect again. This will give you a newly minted access token and refresh token.

A refresh token is invalidated 1 minute after use. Please ensure you're persisting both the newly minted access and refresh token. Failure to do so will require the user to go through Connect again after the access token has expired.

Request

Headers

Authorization

string

required

HTTP Basic Auth header containing the client_id and client_secret. The header is formed by concatenating the word “Basic”, a space, and a base64-encoded string consisting of the client_id, a colon :, and the client_secret.

Content-Type

string

required

Must be set to application/x-www-form-urlencoded, matching the format of the request body.

User-Agent

string

required

A valid HTTP User Agent value.

Body

grant_type

required

This value must be set to refresh_token

refresh_token

required

The refresh token received in the response with the access token from an auth code exchange or prior token refresh.

  curl https://auth.smartcar.com/oauth/token \
    -X POST \
    -H 'Authorization: Basic base64({client_id}:{client_secret})' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d 'grant_type=refresh_token&refresh_token=3e565aed-d4b2-4296-9b4c-aec35825a6aa'

Response

access_token

A string representing an access token used to make requests to the Smartcar API.

expires_in

The number of seconds the access token is valid for. This is always set to 7200 (2 hours)

refresh_token

A string representing a refresh token, which is used to renew access when the current access token expires. The refresh token expires after 60 days.

token_type

Always set to Bearer.

{
  "access_token": "cf7ba7e9-8c5d-417d-a99f-c386cfc235cc",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "58b128ba-8e44-11ee-b9d1-0242ac120002"
}

Refreshing Access Tokens Redirect to Connect

Introduction

Launching Connect

Token Management

Reauthentication

Vehicle Owner Actions

Advanced Configuration

Refreshing Refresh Tokens

Request

Response

Introduction

Launching Connect

Token Management

Reauthentication

Vehicle Owner Actions

Advanced Configuration

​Request

​Response

Request

Response