Guides
HomeFAQSupportSDK

Management Access Token

Suggest Edits

The Management Access Token is used to perform actions on behalf of the service provider. For example, creating a new user or retrieving the charge sessions for all the users in your Tenant.

📘

Starter/Enterprise plan only

Management resources are only accessible for subscribers to the Starter or Enterprise plan.
The Demo / Free plan is limited to 1 user and therefore only requires a User Access token.

Client Credentials

Access to the Smart Charging API begins with your client_id and client_secret (also known as client credentials). The account holder(s) can access the client credentials through their account in the API portal. Please contact our sales team for more information if you do not have those.

🚧

Keep your credentials secret

Note that your client credentials give access to all functionality and user data in your account, so be sure to keep them secure!
Do not share your credentials in publicly accessible areas such as GitHub, client-side code, and so forth.

Obtaining a Management Access Token

Your client credentials are never used to access resources directly but are instead used to obtain tokens that are then used to access resources.

This token carries authorization to access all functionality and data within your account. As with the client credentials, this token must be kept secret and should not be used by a public client such as a mobile app or web app.

You can obtain these tokens from our Identity Provider Auth0. You can request the token with the OAuth2 client credentials flow, using your client_id and client_secret.

Requesting a token is as simple as:

curl -X POST 'https://jedlix-b2e.eu.auth0.com/oauth/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'client_id={your client_id}' \
    --data-urlencode 'client_secret={your client_secret}' \
    --data-urlencode 'audience=https://smartcharging.jedlix.com'

You will receive the token in the response in the field access_token. This is the token you need to pass on the request to the API in the Authorization header.

For QA the audience should be https://qa-smartcharging.jedlix.com.

❗️

Refreshing your access token

Your management access token is valid for 14 days and should be cached until it expires. Request a new access token using the method above before the expiration moment.

Scopes

The Smart Charging API uses scopes to authorize whether your Management Access Token has permission to access a specific resource. When relevant, the scope required by each endpoint is listed in the documentation for that endpoint. You can check the scopes assigned to your access token by decoding your JWT token (for example, here).

📘

Missing Scopes?

If you lack certain scopes you would expect to have access to, please contact our sales team for more information.

Accessing resources

Together with your API key, you are good to go and ready to interact with the API. When accessing resources, the Management Access Token should be provided in a Bearer Authorization header as specified in RFC6750

Example: Retrieve a list of users

curl -X GET 'https://smartcharging.jedlix.com/api/v1/users' \
    --header 'ApiKey: ExampleApiKey' \
    --header 'Authorization: Bearer c3VwZXJzZWNyZXR0b2tlbmhlcmU='

❗️

HTTPS required

All API requests must use  HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Updated 4 months ago