Skip to main content

Authentication

Authentication Method

The Vehicle Data API uses an OAuth 2.0-based token authentication method. To use the API, you must obtain an access token based on client credentials and include this token in the Authorization header of all subsequent requests.

Authorization: Bearer <access_token>

Issuing Access Token

STEP 1. Check Client Information

  1. In Pleos Playground > My Project, select the project that will use the Vehicle Data API.
  2. On the Project Info screen, select the API tab.
  3. Check the Client ID and Client Secret.
danger

This information is required when making the API call to obtain an access token and must not be exposed to others.

STEP 2. Request Login from Vehicle Owner

You must prompt the vehicle owner with the brand’s login screen and obtain login authentication.
Call Login to display the login screen to the vehicle owner.

If the request includes valid parameters, the following screen will appear. Refer to the Login API documentation for a detailed explanation of the request parameters.

STEP 3. Obtain Authorization Code

When the vehicle owner successfully logs in from STEP 2, an authorization code (code) is returned to the redirect URL (redirectUrl) that was sent as a request parameter in STEP 2.

STEP 4. Request Access Token

Use the authorization code (code) obtained in STEP 3 as a parameter to call Create Access Token and generate the access token.

curl
curl -X POST "https://security-api.pleos.ai/v1/auth/token" \
  -H "Content-Type: application/json" \
  -H "Brand: hyundai" \
  -d '{
    "clientId": "abc14400-7aa5-3eac-b364-xxxxxxxxxxxx",
    "clientSecret": "xyzsrr1jr4vl91c8pjn4j9s8lp4sxxxxxxxxxxxx",
    "code": "a1a2a3a4-1010-2020-xyz1-2166063cb6af.2222b4b4-adde-4c73-8dc3-bc95ebc3935",
    "redirectUrl: "https://www.example.com/auth/hyundai"
  }'
  • clientId: Client ID of the Pleos Playground project
  • clientSecret: Client Secret of the Pleos Playground project
  • code: Code received in STEP 3.
  • redirectUrl: The login redirect URL provided during the Vehicle Data API access request in the Pleos Playground project.
caution

The access token is valid for 1 hour after issuance.

Refresh Access Token

The access token is valid for 1 hour, and the refresh token is valid for 180 days.
To renew an expired access token, call Refresh Access Token.

curl
curl -X POST "https://security-api.pleos.ai/v1/auth/token-refresh" \
  -H "Content-Type: application/json" \
  -H "Brand: hyundai" \
  -d '{
    "clientId": "abc14400-1111-3eac-b364-xxxxxxxxxxxx",
    "clientSecret": "o40srr1jr4vl91c8pjn4j9s8lp4sqxxxxxxxxxxxx",
    "refreshToken": "T9F38OE6PA8CT9V52F30KKKSRA6T5SRDA400"
  }'