Enode Developers

Accessing the API

The Enode API uses OAuth 2.0 client access tokens to authenticate requests coming from your server. To access our API, you will exchange your client’s API credentials for a short-lived access token, and include the token in all calls to our API.

Get your API credentials

From your organization dashboard, navigate to your client and click it to view its details. For the purpose of testing the authentication flow, we recommend you start with a client pointing to the sandbox environment. The API credentials for your clients can be found in the API credentials section in your client’s settings.

  • Your client ID will be available directly after creation.
  • Your client secret needs to be generated, as this will only be visible once upon creation.

Click Generate client secret to create your client secret. Copy your client secret and store it in a secure location.

Regenerating the client secret

Should you lose access to your client secret, or suspect that it might be leaked, you can generate a new secret. From the API credentials section of your clients, click Regenerate secret.

Once you confirm, you’ll then be presented with a new client secret, and the old client secret will be immediately invalidated. You can only have one active secret at a time.

Get an access token

The access token allows you to authenticate with your client, authorizing access to all data and functionality within your client. The token is obtained via the standard OAuth 2.0 client credentials grant, using the API credentials and the corresponding OAuth URL for the environment of your client. You can leverage this example to generate an access token yourself, but we recommend following our best practice to use an existing OAuth library in production.

With your client ID and client secret, you can pass these as authorization headers to the OAuth token URL, which can be found in the API credentials section of your client’s settings.

Token request example

curl {OAUTH_TOKEN_URL} \
-X POST \
-u {YOUR_CLIENT_ID}:{YOUR_CLIENT_SECRET} \
-d "grant_type=client_credentials"

After requesting the token URL as described above, you’ll receive a response containing your access token. This access token should be cached on your server or stored in one of your datastores until it expires and subsequently needs to be refreshed.

Token response example

{
  "access_token": "{YOUR_ACCESS_TOKEN}",
  "expires_in": 3599,
  "scope": "",
  "token_type": "bearer"
}

Best practice? Use an existing library to handle authentication

Since our API implements the OAuth 2.0 specification without any modifications, you can use a number of OAuth libraries to manage the authentication process for you. We recommend this route over rolling your own implementation, as these are usually battle-tested and well maintained. You can refer to this overview of some of the libraries available in common programming languages.

Refreshing access tokens

The access token expires every hour, as described by the expires_in key in the access token response. Once your token expires, your server should repeat the process to obtain a new access token. OAuth libraries can help manage this process for you.
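The caching and refresh behaviour described above and under "Get an access token", as an added Python example that is not Enode's own code. The names fetch_token and TokenCache, the 60-second early-refresh margin and the HTTPS check are assumptions of this example; the token URL and credentials come from your client's settings.

```python
import base64
import json
import threading
import time
import urllib.parse
import urllib.request


def fetch_token(token_url, client_id, client_secret):
    """POST grant_type=client_credentials with HTTP Basic auth (what curl -u sends)."""
    if not token_url.startswith("https://"):
        raise ValueError("refusing to send the client secret over a non-HTTPS URL")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": f"Basic {basic}"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Keeps one access token in memory and refreshes it shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch = fetch    # callable returning the token response as a dict
        self._skew = skew      # assumption: refresh this many seconds early
        self._clock = clock
        self._lock = threading.Lock()  # one refresh at a time across threads
        self._token, self._expires_at = None, 0.0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                body = self._fetch()
                if body.get("token_type", "").lower() != "bearer" or not body.get("access_token"):
                    raise ValueError("unexpected token response")  # do not log the body
                self._token = body["access_token"]
                self._expires_at = self._clock() + max(int(body["expires_in"]) - self._skew, 0)
            return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.get()}"}

    def invalidate(self):  # call after a 401 or after regenerating the client secret
        with self._lock:
            self._token = None
```

Wire it up as TokenCache(lambda: fetch_token(url, client_id, client_secret)), loading the client secret from your secret store rather than from source code.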

Access the API with the access token

With your access token ready, you can now start accessing the Enode API. All API requests towards your client need to be authenticated via a bearer authentication header.

Client-wide resource request example

curl {API_URL}/vehicles \
-H "Authorization: Bearer {YOUR_ACCESS_TOKEN}" \
-H "Content-Type: application/json"

You can grab the API URL from the API credentials section of your organization dashboard.
