Quickstart - Connect
CONNECT YOUR APP #
Stellantis API End User for ex Groupe PSA brands (Citroën, DS, Peugeot, Opel and Vauxhall) API for connected vehicles let you access vehicles data of your users. In order to authorize your application and your users, we use open standard OAuth 2. This authentication standard implies that you need bearer token in order to access our connected vehicles API.
This step-by-step tutorial explains the flowchart intended to request and obtain a token for B2C connected vehicle API. First, you must identify your app on our website, then we will see how to get a bearer token and finally an example of request with this token.
Required info:
client_id
: your APP ID in Stellantis (ex-Groupe PSA) developer platform.client_secret
: your APP Secret in Stellantis (ex-Groupe PSA) developer platform.authorization grant
: this grant is your user identification in Stellantis (ex-Groupe PSA) system.bearer token
: this token allows your app to access vehicle data of one of your users.
At the end of this process you will have everything you need to consume our B2C API for connected vehicles.
This schema explains the whole process:
1. REGISTER YOUR APP #
1.1 DEVELOPER ACCOUNT #
- Start by clicking on Create an account in the top right corner.
- Specify your info: enter your name, email address, a password and the name of your organization.
- Read and accept the terms and conditions, do not forget the CAPTCHA.
- Then click on create a new account to validate the creation of your account.
- You will receive an activation email, please use the link to confirm your account.
1.2 REGITSER YOUR APP #
Once your account is created and confirmed, you will be able to login on the website. To do so, click on login link in the top right corner of PG4D website.
Next step is to create your application. This process will create an identifier for your app in Stellantis’s (ex-Groupe PSA) information system:
- Please browse the APP tab in the nav bar.
- Then choose the create a new app button.
- Choose a name (required), type a description (optional) and fill the redirect OAuth2 redirection URI (you can modify this one later).
- Finally, press submit.
- Save your
client_id
&client_secret
.
Be careful: once your app has been submitted, you will be redirected to a page with your app info. At the top of the window, your
client_secret
will be displayed (you have to toggle Show Client Secret). This is the ONLY time it will be displayed on the website, you will then only be able to verify or reset it, so please write it down somewhere and keep it safe. You can retrieve yourclient_id
at any time: go to the APP tab > select your APP > toggle show Client ID.
1.3 SELECT PRODUCTS #
Now you have an account hosting your APP:
- You can browse available API on API Product tab.
- Then select Connected Car - B2C in the list.
- Choose a plan by clicking on subscribe, select your app and press subscribe again.
For your requests to the API, you must use your client_id
, client_secret
and an access token
.
2. ACCESS TOKEN #
Stellantis End User API for ex Groupe PSA brands (Citroën, DS, Peugeot, Opel and Vauxhall) use authentication based on OAuth2. The process to connect to the API require that you get an access token in exchange for a Grant of your user.
2.2 REQUEST #
1
2
3
4
5
6
$ curl \
--request POST \
--url 'https://idpcvs.{brand.tld}/am/oauth2/access_token' \
--header 'Authorization: Basic <(client_id:client_secret)base64>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'realm=<realm>&grant_type=password&password=<password>&username=<username>&scope=profile%20openid' \
Type | Name | Value | Description | Required |
---|---|---|---|---|
Path param | {brand.tld} |
<brand.tld> |
Depend on the vehicle brand: - Peugeot: peugeot.com - Citroen: citroen.com - DS: driveds.com - Opel: opel.com - Vauxhall: vauxhall.co.uk |
Yes |
Query param | grant_type |
password |
Use OAuth2 password method. | Yes |
Query param | password |
<password> |
User password. | Yes |
Query param | username |
<username> |
User username id. | Yes |
Query param | scope |
profile%20openid |
Scope is profile openID. | Yes |
Query param | realm |
<realm> |
Realm of the brand: - Peugeot: clientsB2CPeugeot - Citroen: clientsB2CCitroen - DS: clientsB2CDS - Opel: clientsB2COpel - Vauxhall: clientsB2CVauxhall |
Yes |
Header | authorization |
Basic <(client_id:client_secret)base64> |
Indicate that authentication is Basic Auth and <(client_id:client_secret)base64> means that you have to pass client_id:client_secret of your application encoded in Base64. |
Yes |
Header | content-type |
application/x-www-form-urlencoded |
Indicate content-type of your submited resource. | Yes |
2.1 RESPONSE #
Here is the description of the JSON response:
1
2
3
4
5
6
7
8
{
"scope": "openid profile",
"expires_in": 3599,
"token_type": "Bearer",
"refresh_token": "4f5f3749-0738-40ed-973c-0572b5ec2048",
"id_token": "eyAidHlwIjogIkpXVCIsICJhbGciOiAiUlM",
"access_token": "4213cf9e-f9a6-4ec8-be9e-568d715e3029"
}
Name | Value | Description |
---|---|---|
scope |
list of scopes |
Scope list. |
expires_in |
<seconds> |
Period of validity in seconds. Default is 24 hours. |
token_type |
Bearer |
Token type is always Bearer. |
refresh_token |
<uuid> |
Refresh token can be used to replace user:password as described in Oauth2 spec. |
id_token |
openID |
OpenID token. |
access_token |
<uuid> |
This is the access token you have to use to consume the API. |
3. CONNECTION EXAMPLE #
Once you get your token, you can test your bearer by requesting the B2C API:
1
2
3
4
5
6
$ curl \
--GET \
--url 'https://api.groupe-psa.com/connectedcar/v4/user/vehicles' \
--data 'client_id=<client_id>' \
--header 'Authorization: Bearer <access_token>' \
--header 'x-introspect-realm: <realm>' \
Type | Name | Value | Description | Required |
---|---|---|---|---|
Query parameter | client_id |
<App_ID> |
Id of the application. | Yes |
Header | Authorization: |
Bearer <access_token> |
Granted token allowing to consume the API. | Yes |
Header | x-introspect-realm: |
<realm> |
Realm of the brand: - Peugeot: clientsB2CPeugeot - Citroen: clientsB2CCitroen - DS: clientsB2CDS - Opel: clientsB2COpel - Vauxhall: clientsB2CVauxhall |
Yes |
Header | Accept: |
application/hal+json |
Advertises that you accept JSON content type. | Yes |
If your request is valid, then you should receive that kind of HTTP response:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
{
"_links": {...},
"total": 2,
"_embedded": {
"vehicles": [
{
"id": ,
"vin": "VR3ATTENTJY236996",
"brand": "Peugeot",
"pictures": [],
"_links": {...}
},
{
"id": ,
"vin": "VR300054456744033",
"brand": "Peugeot",
"_links": {...}
},
]
},
"currentPage": 1,
"totalPage": 1
}
SEE ALSO #
TUTORIAL
A Quick Start guide is provided to help you understand the basics and get started.
TRY OUT!
Retrieve all reference of this API, go to the API List.