Credentials Flow - Smartmove

Since we do not allow unapproved access to our endpoints, fetching a token from our server is needed. This is realised through OAuth.

Receive a client id and client secret from us.

Use that information to send a request to the following endpoint.

Sample Request

curl -X POST "https://api.smartmove.eu/auth/realms/$ASSET_PROVIDER_COUNTRY_CODE-$ASSET_PROVIDER_CODE/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Accept: application/json" \
  --data "grant_type=client_credentials&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET"

If valid asset provider information and credentials were inserted, then a successful response with the HTTP code 200 should be returned.

Sample Response

{
    "access_token": "eyJABCDEFG",
    "expires_in": 300,
    "refresh_expires_in": 0,
    "token_type": "Bearer",
    "not-before-policy": 0,
    "scope": "profile email"
}

Afterwards, the value under access_token can be used as the bearer token for our provided endpoints.
As stated in our API Reference, this token should be used by adding a header with Authorization as the key and Bearer YOUR_TOKEN as the value.

The token is only valid for 5 minutes, after which another one has to be fetched.