WEB API

for end-users

Quickstart - Connect

Info: Stellantis End User API for ex Groupe PSA brands (Citroën, DS, Peugeot, Opel and Vauxhall) is not publicly available.

CONNECT YOUR APP #

Stellantis API End User for ex Groupe PSA brands (Citroën, DS, Peugeot, Opel and Vauxhall) API for connected vehicles let you access vehicles data of your users. In order to authorize your application and your users, we use open standard OAuth 2. This authentication standard implies that you need bearer token in order to access our connected vehicles API.

This step-by-step tutorial explains the flowchart intended to request and obtain a token for B2C connected vehicle API. First, you must identify your app on our website, then we will see how to get a bearer token and finally an example of request with this token.

Required info:

  • client_id: your APP ID in Stellantis (ex-Groupe PSA) developer platform.
  • client_secret: your APP Secret in Stellantis (ex-Groupe PSA) developer platform.
  • authorization grant: this grant is your user identification in Stellantis (ex-Groupe PSA) system.
  • bearer token: this token allows your app to access vehicle data of one of your users.

At the end of this process you will have everything you need to consume our B2C API for connected vehicles.

This schema explains the whole process:

connect-b2c-process

1. REGISTER YOUR APP #

1.1 DEVELOPER ACCOUNT #

On developer.groupe-psa.com:

  • Start by clicking on Create an account in the top right corner.
  • Specify your info: enter your name, email address, a password and the name of your organization.
  • Read and accept the terms and conditions, do not forget the CAPTCHA.
  • Then click on create a new account to validate the creation of your account.
  • You will receive an activation email, please use the link to confirm your account.

connect-b2c-signup

1.2 REGITSER YOUR APP #

Once your account is created and confirmed, you will be able to login on the website. To do so, click on login link in the top right corner of PG4D website.

Next step is to create your application. This process will create an identifier for your app in Stellantis’s (ex-Groupe PSA) information system:

  • Please browse the APP tab in the nav bar.
  • Then choose the create a new app button.
  • Choose a name (required), type a description (optional) and fill the redirect OAuth2 redirection URI (you can modify this one later).
  • Finally, press submit.
  • Save your client_id & client_secret.

Be careful: once your app has been submitted, you will be redirected to a page with your app info. At the top of the window, your client_secret will be displayed (you have to toggle Show Client Secret). This is the ONLY time it will be displayed on the website, you will then only be able to verify or reset it, so please write it down somewhere and keep it safe. You can retrieve your client_id at any time: go to the APP tab > select your APP > toggle show Client ID.

connect-b2c-create_app

1.3 SELECT PRODUCTS #

Now you have an account hosting your APP:

  • You can browse available API on API Product tab.
  • Then select Connected Car - B2C in the list.
  • Choose a plan by clicking on subscribe, select your app and press subscribe again.

For your requests to the API, you must use your client_id, client_secret and an access token.

connect-b2c-subscribe_app

2. ACCESS TOKEN #

Stellantis End User API for ex Groupe PSA brands (Citroën, DS, Peugeot, Opel and Vauxhall) use authentication based on OAuth2. The process to connect to the API require that you get an access token in exchange for a Grant of your user.

2.2 REQUEST #

1
2
3
4
5
6
$ curl \
  --request POST \
  --url 'https://idpcvs.{brand.tld}/am/oauth2/access_token' \
  --header 'Authorization: Basic <(client_id:client_secret)base64>' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'realm=<realm>&grant_type=password&password=<password>&username=<username>&scope=profile%20openid' \
Type Name Value Description Required
Path param {brand.tld} <brand.tld> Depend on the vehicle brand:
 - Peugeot: peugeot.com
 - Citroen: citroen.com
 - DS: driveds.com
 - Opel: opel.com
 - Vauxhall: vauxhall.co.uk
Yes
Query param grant_type password Use OAuth2 password method. Yes
Query param password <password> User password. Yes
Query param username <username> User username id. Yes
Query param scope profile%20openid Scope is profile openID. Yes
Query param realm <realm> Realm of the brand:
 - Peugeot: clientsB2CPeugeot
 - Citroen: clientsB2CCitroen
 - DS: clientsB2CDS
 - Opel: clientsB2COpel
 - Vauxhall: clientsB2CVauxhall
Yes
Header authorization Basic <(client_id:client_secret)base64> Indicate that authentication is Basic Auth and <(client_id:client_secret)base64> means that you have to pass client_id:client_secret of your application encoded in Base64. Yes
Header content-type application/x-www-form-urlencoded Indicate content-type of your submited resource. Yes

2.1 RESPONSE #

Here is the description of the JSON response:

1
2
3
4
5
6
7
8
{
    "scope": "openid profile",
    "expires_in": 3599,
    "token_type": "Bearer",
    "refresh_token": "4f5f3749-0738-40ed-973c-0572b5ec2048",
    "id_token": "eyAidHlwIjogIkpXVCIsICJhbGciOiAiUlM",
    "access_token": "4213cf9e-f9a6-4ec8-be9e-568d715e3029"
} 
Name Value Description
scope list of scopes Scope list.
expires_in <seconds> Period of validity in seconds. Default is 24 hours.
token_type Bearer Token type is always Bearer.
refresh_token <uuid> Refresh token can be used to replace user:password as described in Oauth2 spec.
id_token openID OpenID token.
access_token <uuid> This is the access token you have to use to consume the API.

3. CONNECTION EXAMPLE #

Once you get your token, you can test your bearer by requesting the B2C API:

1
2
3
4
5
6
$ curl \
  --GET \
  --url 'https://api.groupe-psa.com/connectedcar/v4/user/vehicles' \
  --data 'client_id=<client_id>' \
  --header 'Authorization: Bearer <access_token>' \
  --header 'x-introspect-realm: <realm>' \
Type Name Value Description Required
Query parameter client_id <App_ID> Id of the application. Yes
Header Authorization: Bearer <access_token> Granted token allowing to consume the API. Yes
Header x-introspect-realm: <realm> Realm of the brand:
 - Peugeot: clientsB2CPeugeot
 - Citroen: clientsB2CCitroen
 - DS: clientsB2CDS
 - Opel: clientsB2COpel
 - Vauxhall: clientsB2CVauxhall
Yes
Header Accept: application/hal+json Advertises that you accept JSON content type. Yes

If your request is valid, then you should receive that kind of HTTP response:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
{
    "_links": {...},
    "total": 2,
    "_embedded": {
        "vehicles": [
            {
                "id": ,
                "vin": "VR3ATTENTJY236996",
                "brand": "Peugeot",
                "pictures": [],
                "_links": {...}
            },
            {
                "id": ,
                "vin": "VR300054456744033",
                "brand": "Peugeot",
                "_links": {...}
            },
        ]
    },
    "currentPage": 1,
    "totalPage": 1
}

SEE ALSO #

TUTORIAL

A Quick Start guide is provided to help you understand the basics and get started.

TRY OUT!

Retrieve all reference of this API, go to the API List.