Authorization
Otonomo's authorization flow guarantees applications run securely and offers drivers full control over the data they share.
Otonomo's Platform is managed through an OAuth2 framework and was designed to allow Service Providers the ability to interact with vehicles using Otonomo's API.
Based on the data requested, different tokens are utilized to ensure proper authentication is done. Here are the two types of tokens:
Fleet (Workspace) Access Token
This token is used to access Fleet data.
Request
The Fleet Access Token can be fetched by using the following header in the API request:
Header | Description |
---|---|
content_type | application/x-www-form-urlencoded |
The request body parameters should be provided in the format described within the header and should consist of the following:
FYI
To get your client_id , client_secret and service ID Read here
Request
The request below is for an account which was created in https://market.otonomo.io/:
curl -X POST \
https://api.otonomo.io/v1/oauth/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=FhiDWkmn5j7vghfgherVDlkdeABC&client_secret=NHeN4UqVsohGS55I7LBdhFGqA&grant_type=client_credentials&service=MyService'
The request below is for an account which was created in https://market.eu.otonomo.io/:
curl -X POST \
https://api.eu.otonomo.io/v1/oauth/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=FhiDWkmn5j7vghfgherVDlkdeABC&client_secret=NHeN4UqVsohGS55I7LBdhFGqA&grant_type=client_credentials&service=MyService'
Response
The response will include an access token.
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5UTkZORGxHT0VJeE5qZzNNVUkxUmpJMVJUZEJPRE15UlVVM05VTTJOa1ZETjBNNU1URTVOUSJ9.eyJodHRwczovL290b25vbW8uaW8vbmFtZSI6Im90b0FwcHMiLCJodHRwczovL290b25vbW8uaW8vdXNlcl90eXBlIjoidG9ub21vLmlvL3ZlbmRvciI6Im90b0FwcHMiLCJpc3MiOiJodHRwczovL2F1dGgub3Rvbm9tb",
"expires_in": 86400,
"token_type": "Bearer"
}
Fleet Access Token Expiration
Please note that within the response body you have the time (in seconds) until the token's expiration
Use this token as a header within each API request. The header title should be "authorization" and the value is the access token string preceded by the word "Bearer".
Below is an example:
Header | Description |
---|---|
authorization | Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5UTkZORGxHT0VJeE5qZzNNVUkxUmpJMVJUZEJPRE15UlVVM05VTTJOa1ZETjBNNU1URTVOUSJ9.eyJodHRwczovL290b25vbW8uaW8vbmFtZSI6Im90b0FwcHMiLCJodHRwczovL290b25vbW8uaW8vdXNlcl90eXBlIjoidG9ub21vLmlvL3ZlbmRvciI6Im90b0FwcHMiLCJpc3MiOiJodHRwczovL2F1dGgub3Rvbm9tb |
Driver Access Token
Driver Access Token is required for obtaining Personal data - private ownership. Please refer to Obtaining Driver Consent
Updated 11 months ago