Authorization

Otonomo's authorization flow guarantees applications run securely and offers drivers full control over the data they share.

Otonomo's Platform is managed through an OAuth2 framework, designed to let Service Providers interact with vehicles using Otonomo's API.

Different tokens are used depending on the data requested, to ensure proper authentication. There are two types of tokens:

Fleet (Workspace) Access Token

This token is used to access Fleet data.

Request

The Fleet Access Token can be fetched by using the following header in the API request:

| Header | Description |
| --- | --- |
| content_type | application/x-www-form-urlencoded |

The request body parameters should be provided in the format described within the header and should consist of the following:

| Parameter | Description |
| --- | --- |
| grant_type | Always "client_credentials". |
| client_id | Your identification string - Read more here |
| client_secret | The client password - Read more here |
| service | The Service ID - Read more here |

FYI: To get your client_id, client_secret and service ID, read here.

Request

The request below is for an account which was created in https://market.otonomo.io/:

curl -X POST \
  https://api.otonomo.io/v1/oauth/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=FhiDWkmn5j7vghfgherVDlkdeABC&client_secret=NHeN4UqVsohGS55I7LBdhFGqA&grant_type=client_credentials&service=MyService'

The request below is for an account which was created in https://market.eu.otonomo.io/:

curl -X POST \
  https://api.eu.otonomo.io/v1/oauth/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=FhiDWkmn5j7vghfgherVDlkdeABC&client_secret=NHeN4UqVsohGS55I7LBdhFGqA&grant_type=client_credentials&service=MyService'

Response

The response will include an access token.

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5UTkZORGxHT0VJeE5qZzNNVUkxUmpJMVJUZEJPRE15UlVVM05VTTJOa1ZETjBNNU1URTVOUSJ9.eyJodHRwczovL290b25vbW8uaW8vbmFtZSI6Im90b0FwcHMiLCJodHRwczovL290b25vbW8uaW8vdXNlcl90eXBlIjoidG9ub21vLmlvL3ZlbmRvciI6Im90b0FwcHMiLCJpc3MiOiJodHRwczovL2F1dGgub3Rvbm9tb",
  "expires_in": 86400,
  "token_type": "Bearer"
}

Fleet Access Token Expiration

Please note that the response body includes the time (in seconds) until the token's expiration.

Send this token in a header with each API request. The header name should be "authorization" and the value is the access token string preceded by the word "Bearer".

Below is an example:

| Header | Description |
| --- | --- |
| authorization | Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5UTkZORGxHT0VJeE5qZzNNVUkxUmpJMVJUZEJPRE15UlVVM05VTTJOa1ZETjBNNU1URTVOUSJ9.eyJodHRwczovL290b25vbW8uaW8vbmFtZSI6Im90b0FwcHMiLCJodHRwczovL290b25vbW8uaW8vdXNlcl90eXBlIjoidG9ub21vLmlvL3ZlbmRvciI6Im90b0FwcHMiLCJpc3MiOiJodHRwczovL2F1dGgub3Rvbm9tb |
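The Fleet Access Token flow above, as an added Python example (not Otonomo's own code): it form-encodes the four body parameters, reuses the token until shortly before expires_in elapses, and builds the authorization header. The class name, the 60-second refresh margin and the injectable transport and clock are assumptions made for this example; the caller supplies client_secret from its own secret store.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.otonomo.io/v1/oauth/token"  # EU accounts: api.eu.otonomo.io

def post_form(url, body):
    """Default transport: POST the form-encoded body, return the parsed JSON."""
    req = urllib.request.Request(
        url, data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class FleetTokenCache:  # hypothetical helper, not part of any Otonomo SDK
    SKEW = 60  # assumption: refresh this many seconds before expires_in runs out

    def __init__(self, client_id, client_secret, service,
                 url=TOKEN_URL, transport=post_form, clock=time.monotonic):
        # urlencode escapes '&', '=' and '+' in the secret, which a
        # hand-built -d string would send unescaped.
        self._body = urllib.parse.urlencode({
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "service": service,
        }).encode("ascii")
        self._url, self._transport, self._clock = url, transport, clock
        self._token, self._expires_at = None, 0.0

    def token(self):
        """Return the cached token, fetching a new one only when it is stale."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._transport(self._url, self._body)
            if (str(reply.get("token_type", "")).lower() != "bearer"
                    or not reply.get("access_token")):
                # Never echo the reply or the request body: both hold secrets.
                raise ValueError("unexpected token response")
            expires_at = self._clock() + int(reply["expires_in"]) - self.SKEW
            self._token, self._expires_at = reply["access_token"], expires_at
        return self._token

    def auth_header(self):
        """Header to attach to every API request, as described above."""
        return {"authorization": "Bearer " + self.token()}
```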

Driver Access Token

The Driver Access Token is required for obtaining personal data (private ownership). Please refer to Obtaining Driver Consent.