Quickstart - Authentication
Authentication B2B
This tutorial explains how to obtain your B2B authentication in the Stellantis network. This authentication is required in order to consume the Stellantis API for ex Groupe PSA brands (Citroën, DS, Peugeot, Opel and Vauxhall).
This page is dedicated to Stellantis’s commercial partners. The end-user authentication procedure is different; check this page.
Our API lets you access sensitive data about your fleet of vehicles, which is why we have to perform mutual authentication between our networks. In order to sign your certificate, we need you to produce a Certificate Signing Request (CSR).
At the end of this process you will have everything you need to consume our B2B API for connected vehicles!
- MZP: partner login in Stellantis (ex-Groupe PSA) network.
- Password: partner password in Stellantis (ex-Groupe PSA) network.
- Client ID: application ID (you may have more than one application).
- Client Certificate: trusted SSL certificate signed by the dedicated Stellantis (ex-Groupe PSA) authority.
- Private Key: your private key file.
- CA Certificate: Stellantis CA Cert for peer verification.
1. Partner Login
First, you’ll need a Stellantis (ex-Groupe PSA) login (ex: MZP123456). If you already have one, you can go to step 2. If you don’t have one, contact us and we will create one for you.
2. Encryption Keys & CSR
Once you have received your MZP login, the next step is to produce SSL keys and a CSR. These keys will allow encrypted communication between you and Stellantis:
- The public key will be used by Stellantis to encrypt messages.
- The private key will be used by you to decrypt Stellantis’s messages. Be careful: your private key is secret, and you need to keep it safe on your network.
In order to ensure your identity, we have to sign your public key together with general information about your company. That is why you need to create a Certificate Signing Request (CSR). We will sign your CSR and send you back a proper SSL certificate. Here is the information we need in your CSR:
| Field | Value |
|---|---|
| COUNTRY NAME (C) | Country code, two letters (ex: FR) |
| STATE OR PROVINCE (S) | ex: ‘Kansas’ or ‘Ile de France’ |
| LOCALITY NAME (L) | ex: ‘Paris’ |
| ORGANIZATION NAME (O) | ex: ‘Free2Move’ |
| ORGANIZATIONAL UNIT (OU) | You must type: ‘Programs Partners’ |
| COMMON NAME (CN) | ex: ‘MZP128745’ |
| EMAIL ADDRESS | Email address, will be used in order to download and renew your certificate |
Producing the encryption keys and the CSR has to be done with dedicated software. Here are examples with two such tools:
2.1 With OpenSSL
OpenSSL is an open-source software library for encryption. It is widely used in internet security. You can download and install OpenSSL using this link (Windows).
With OpenSSL, producing the key and creating the CSR can be performed in one step. Create a directory containing a text configuration file named, for example, ‘CSRConfig.conf’ and copy/paste this text into it:
```ini
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName = COUNTRY NAME (C) two letters ex: FR
stateOrProvinceName = STATE OR PROVINCE (S) ex: Kansas or Ile de France
localityName = LOCALITY NAME (L) ex: Paris
organizationName = ORGANIZATION NAME (O) ex: Free2Move
organizationalUnitName = ORGANIZATIONAL UNIT (OU) Press enter or Programs Partners
organizationalUnitName_default = Programs Partners
commonName = COMMON NAME (CN) ex: MZP128745
emailAddress = EMAIL ADDRESS will be used in order to download and renew your certificate
```
Navigate to this directory in your terminal and execute this command:
```sh
$ openssl req \
    -new \
    -keyout KeyName.pem \
    -out CSRName.csr \
    -config CSRConfig.conf
```
- KeyName.pem will be your key file name
- CSRName.csr will be your CSR name
- CSRConfig.conf is the configuration file’s name
You will be prompted for the information to include in your CSR. Once you have filled it in, you will find your CSR and key file in your directory.
2.2 With Keytool
Keytool comes with the Java Development Kit. Like OpenSSL, it can be used to produce keys (in a file called a keystore) and a CSR.
Produce your keys using this command:
```sh
$ keytool \
    -genkey \
    -alias KeyName \
    -keyalg RSA \
    -keysize 2048 \
    -dname "CN=MZPXXXX,OU=Programs Partners,O=PartnerName,L=Paris,C=FR,EMAILADDRESS=email@example.com" \
    -keystore KeyStoreName.jks
```
- CN: Common Name (ex MZP128745)
- OU: do not replace, ‘Programs Partners’ is right
- O: Organization Name (ex Free2Move)
- L: Locality Name (ex Paris)
- C: Country Name, two letters (ex: FR)
- KeyName will be the name of the keys in the keystore
- KeyStoreName.jks will be the name of your keystore
Generate your CSR:
```sh
$ keytool \
    -certreq \
    -alias KeyName \
    -keystore KeyStoreName.jks \
    -file CSRName.csr
```
- KeyName is the name of the keys in the keystore
- KeyStoreName.jks is the name of your keystore
- CSRName.csr will be the name of the CSR
3. Submit CSR
Once you have created your brand-new CSR file, send it to your contact in Stellantis. At this point we will begin our internal process to sign your certificate.
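A check you can run on the CSR before sending it, as an added example that is not Stellantis code: it verifies the CSR's self-signature and key size with openssl, then compares the subject with the table in step 2. The function names are hypothetical, and the rule that the Common Name starts with MZP is an assumption drawn from the examples on this page.

```sh
#!/bin/sh
# Added example (not Stellantis code): check a CSR before sending it.

# Print one field from `openssl req -subject -nameopt multiline` text on stdin.
dn_field() {
    awk -v name="$1" '{
        eq = index($0, "=")
        if (!eq) next
        key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
        if (key == name) { val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); print val; exit }
    }'
}

# Read a multiline subject on stdin, print each problem, return non-zero if any.
# stateOrProvinceName is not enforced: the page's keytool -dname example omits it.
check_subject() {
    subject=$(cat)
    problems=0
    field() { printf '%s\n' "$subject" | dn_field "$1"; }
    fail() { echo "CSR problem: $1"; problems=$((problems + 1)); }

    case "$(field countryName)" in
        [A-Z][A-Z]) ;;
        *) fail "countryName must be a two-letter country code" ;;
    esac
    [ "$(field organizationalUnitName)" = "Programs Partners" ] ||
        fail "organizationalUnitName must be exactly 'Programs Partners'"
    case "$(field commonName)" in
        MZP?*) ;;  # assumption: logins start with MZP, as in the page's examples
        *) fail "commonName should be your MZP login" ;;
    esac
    for f in localityName organizationName emailAddress; do
        [ -n "$(field "$f")" ] || fail "$f is missing"
    done
    [ "$problems" -eq 0 ]
}

# Check a CSR file: self-signature, RSA key size, then the subject rules above.
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR problem: self-signature does not verify"; return 1; }
    bits=$(openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "CSR problem: key shorter than 2048 bits"; return 1; }
    openssl req -in "$1" -noout -subject -nameopt multiline | check_subject
}

# Run against a file when one is given, e.g.: sh check_csr.sh CSRName.csr
if [ "$#" -gt 0 ]; then check_csr "$1"; fi
```

The script works on a CSR from either tool, since keytool's `-certreq` output is also a PEM-encoded PKCS#10 request.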
4. Certificate & Client ID
If everything is ok, our certification authority will accept your Certificate Signing Request. You will then receive an email at the address you specified. This email contains a link to download your certificate and the Stellantis CA certificate, plus your Client ID (= application ID). Download your signed certificate and keep your Client ID carefully.
5. Request Example
In order to use Stellantis Fleet owner API for ex Groupe PSA brands (Citroën, DS, Peugeot, Opel and Vauxhall), you must authenticate yourself as a partner in Stellantis’s network! Look further for more info about B2B authentication. Once you get what you need for authentication, you can try to send your first request to Stellantis’s API.
Here is an example with cURL:
```sh
$ curl \
    --get \
    --url 'https://api-cert.groupe-psa.com/connectedcar/v3/fleets' \
    --data 'client_id=<client_id>' \
    --header 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' \
    --cert 'path/to/client_cert.pem[:<cert_password>]' \
    --key 'path/to/key.pem' \
    --cacert 'path/to/ca_cert.pem'
```
| Parameter | Description | Required |
|---|---|---|
| client_id | Id of the application. | Yes |
| --cert | Your SSL certificate for authentication in Stellantis network. | Yes |
| --key | Your Private Key file. | Yes |
| --cacert | Stellantis CA Cert for peer verification. | Yes |
| Accept header | Advertises that you accept JSON content type. | Yes |
| Authorization header | Indicates that authentication is Basic Auth and <BASIC_AUTH> is user:password in Base64. | Yes |
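The same request driven from a curl config file, as an added example that is not Stellantis code: the Basic credentials are computed from the login and password and written to a file only its owner can read, so they do not appear in shell history or in the process list. The function names and the file name request.curlrc are hypothetical; the paths are the placeholders used above.

```sh
#!/bin/sh
# Added example (not Stellantis code): put the request options in a curl config
# file so the Basic credentials stay out of shell history and the process list.

# Base64 of "login:password": the <BASIC_AUTH> part of the Authorization header.
basic_auth_value() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Write the config file with owner-only permissions.
# Args: output file, client ID, MZP login, password.
write_curl_config() {
    rm -f "$1"
    (
        umask 077
        cat > "$1" <<EOF
get
url = "https://api-cert.groupe-psa.com/connectedcar/v3/fleets"
data = "client_id=$2"
header = "Authorization: Basic $(basic_auth_value "$3" "$4")"
cert = "path/to/client_cert.pem"
key = "path/to/key.pem"
cacert = "path/to/ca_cert.pem"
EOF
    )
}

# Usage (request.curlrc is a hypothetical file name):
#   write_curl_config request.curlrc "$CLIENT_ID" "$MZP" "$PASSWORD"
#   chmod 600 path/to/key.pem
#   curl --config request.curlrc
```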
See Also
A Quick Start guide is provided to help you understand the basics and get started.
Testing the API
To test the API you can check the API List directly.