Authenticating End Users from your app

To authenticate end users directly from your application, follow the steps below:

  1. After a user logs in to your application, they may request access to resources such as APIs. To grant access, each request must include a User Access Token in the form of a JSON Web Token (JWT).
  2. The Access Token must include certain claims, including the issuer (iss), audience (aud), expiration time (exp), and a custom claim called jedlix_user_id which stores the user ID returned when a user is created on the platform.
  3. Make sure to share your issuer and audience with the Smart Charging platform by emailing [email protected]. If these are not known, the token will not be accepted.
  4. The Smart Charging API uses scopes to determine if the user has permission to access a specific resource. Each endpoint in the documentation will list the required scope.
  5. To access user resources, include the User Access Token in a Bearer Authorization header as specified in RFC 6750. For example, to retrieve a list of vehicles for a user:
curl -X GET 'https://smartcharging.jedlix.com/api/v1/users/{userId}/vehicles' \
    --header 'ApiKey: ExampleApiKey' \
    --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9'
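
An added example (not from the Smart Charging documentation) that mints a token with the claims from step 2 and checks it locally before it is sent as the Bearer token in step 5. HS256 with a shared secret is an assumption that mirrors the alg value in the sample token's header above; the function names, issuer, audience and secret are hypothetical, and scopes are left out because the page does not name their claim.

```python
import base64, hashlib, hmac, json, time

REQUIRED_CLAIMS = ("iss", "aud", "exp", "jedlix_user_id")  # claims listed in step 2

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def mint_user_token(secret, issuer, audience, user_id, ttl_seconds=300, now=None):
    """Build a short-lived HS256 token (the algorithm is an assumption)."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {"iss": issuer, "aud": audience, "exp": now + ttl_seconds,
              "jedlix_user_id": user_id}
    parts = [b64url(json.dumps(part, separators=(",", ":")).encode())
             for part in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(sign(secret, signing_input))

def preflight(token, secret, issuer, audience, now=None):
    """Return a list of problems; an empty list means the token passes."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return ["malformed token"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed token"]
    problems = []
    if header.get("alg") != "HS256":
        problems.append("unexpected alg")
    if not hmac.compare_digest(signature, sign(secret, head + "." + body)):
        problems.append("bad signature")
    problems += ["missing claim: " + c for c in REQUIRED_CLAIMS if c not in claims]
    if "iss" in claims and claims["iss"] != issuer:
        problems.append("iss mismatch")
    if "aud" in claims and claims["aud"] != audience:
        problems.append("aud mismatch")
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("expired")
    return problems
```

Running preflight in your own service before the call catches a wrong issuer or audience, a missing jedlix_user_id, or an expired token locally rather than as a rejected API request.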

❗️

HTTPS

All API requests must use HTTPS, and calls made over plain HTTP will fail. Requests without authentication will also fail.

❗️

Expired Tokens

The Smart Charging API checks the exp claim on every call and does not accept expired tokens.