Quickstart - App Registration
- Before starting this tutorial, we strongly encourage you to read authentication in Web API B2C.
- 📱 A brief description of your App (concept, requested vehicle data, requests per month, app name, company name, contact email).
- 👤 A registered Application and its credentials (Client ID/secret, Certificates, MZP).
- 🔑 Your Application private key.
This tutorial explains how to register your application in Stellantis systems. At the end of this tutorial, you will have all the credentials required to enroll a user in your App.
Registration Process #
The following schema explains the process to register your Application in order to obtain a Client ID and a Client Secret.
1️⃣ Describe your Application #
As the Accessing Party (or Third-Party Application), you are building an Application requesting access to End-User vehicle’s data.
Mobilisights is Stellantis company for connected mobility. They are the one able to register an Application.
In order to register the App in Stellantis system, you should contact Mobilisights with the following App description:
- 📱 Then Name & Concept of your Application compliant to ExVe, GDPR & Stellantis Rules.
- 👩🏽💻 The Name & Email of you or your company.
- 📊 An estimation of the number of Requests per month.
- 🚙 The list of vehicle data required for your App.
If your application project is approved, Mobilisight will create a Login Identifier (or MZP) and request a CSR (Certificate Signing Request) to proceed your App registration.
2️⃣ Generates Encryption Keys & CSR #
Once you have received MZP login, the next step is to produce SSL keys and CSR. These keys will allow encrypted communication between you and Stellantis servers:
- Public key will be used by Stellantis to encrypt messages.
- Private key will be used by you to decrypt Stellantis’s messages. Be careful, the private key must remain secret.
In order to ensure your identity, you have to produce and send a Certificate Signing Request (CSR) to your Stellantis contact. Stellantis Authority will sign your CSR and send you back a proper SSL certificate. These are the required info to produce your CSR:
|COUNTRY NAME (C)||Country code, two letters (ex: FR)|
|STATE OR PROVINCE (S)||ex: ‘Kansas’ or ‘Ile de France’|
|LOCALITY NAME (L)||ex: ‘Paris’|
|ORGANIZATION NAME (O)||ex: ‘Free2Move’|
|ORGANIZATIONAL UNIT (OU)||You must type: ‘Programs Partners’|
|COMMON NAME (CN)||ex: ‘MZP128745’|
|EMAIL ADDRESS||Email address will be used in order to download and renew your certificate|
Producing encryption keys and CSR have to be done with a dedicated software. The following paragraphs are examples of CSR generation using OpenSSL and Keytool:
CSR with OpenSSL
OpenSSL is an open-source software library for encryption purpose. It is widely used in internet security. You can download and install Open SSL using this link (Windows).
With OpenSLL producing keys and creating CSR can be performed in one step. Create a directory with text configuration file named like ‘CSRConfig.conf’ and copy/past this text into and fill-out the form.
1 2 3 4 5 6 7 8 9 10 11 12 [ req ] default_bits = 2048 distinguished_name = req_distinguished_name [ req_distinguished_name ] countryName = COUNTRY NAME (C) two letters ex: FR stateOrProvinceName = STATE OR PROVINCE (S) ex: Kansas or Ile de France localityName = LOCALITY NAME (L) ex: Paris organizationName = ORGANIZATION NAME (O) ex: Free2Move organizationalUnitName = ORGANIZATIONAL UNIT (OU) Programs Partners commonName = COMMON NAME (CN) ex: MZP128745 emailAddress = EMAIL ADDRESS will be used in order to download and renew your certificate
Browse this place with your terminal and execute this command:
1 2 3 4 5 $ openssl req \ -new \ -keyout KeyName.pem \ -out CSRName.csr \ -config CSRConfig.conf
KeyName.pemwill be your keyfile name
CSRName.csrwill be your CSR name
CSRConfig.confis the configuration file’s name
CSR with Keytool
Keytool comes with Java Devlopment Kit. Like OpenSSL, it can be used to produce keys (in a file name keystore) and CSR.
Produce your keys using this command:
1 2 3 4 5 6 7 $ keytool \ -genkey \ -alias KeyName \ -keyalg RSA \ -keysize 2048 \ -dname "CN=MZPXXXX,OU=Programs Partner,O=PartnerName,L=Paris,C=FR,firstname.lastname@example.org" \ -keystore KeyStoreName.jks
CNCommon Name (ex MZP128745)
OUDo not replace Programs Partners is right
OOrganization Name (ex Free2Move)
LLocality Name (ex Paris)
CCountry Name two letters (ex: FR)
Keynamewill be the name of the keys in the keystore
KeyStoreName.jkswill be the name of your keystore
Generate your CSR:
1 2 3 4 5 $ keytool \ -certreq \ -alias Keyname \ -keystore KeyStoreName.jks \ -file CSRName.csr
Keynameis the name of the keys in the keystore
KeyStoreName.jksis the name of your keystore
CSRName.csrwill be the name of the CSR
3️⃣ Receive your Credentials #
When the description of the App is approved, Stellantis will send you the credentials for your Application. The following data are required to perform a request to the API:
- 👤 Application Client ID.
- 🗝 Application Client Secret.
- 📄 Application Issued Certificate.
- 📜 Stellantis CA Certificate.
Once your App is registered and you have received your App Identifiers, you are able to Enroll End Users in order to obtain an access token.