Management Access Token
The Management Access Token is used to perform actions on behalf of the service provider. For example, creating a new user or retrieving the charge sessions for all the users in your Tenant.
Starter/Enterprise plan only
Management resources are only accessible for subscribers to the Starter or Enterprise plan.
The Demo / Free plan is limited to 1 user and therefore only requires a User Access token.
Client Credentials
Access to the Smart Charging API begins with your client_id
and client_secret
(also known as client credentials). The account holder(s) can access the client credentials through their account in the API portal. Please contact our sales team for more information if you do not have those.
Keep your credentials secret
Note that your client credentials give access to all functionality and user data in your account, so be sure to keep them secure!
Do not share your credentials in publicly accessible areas such as GitHub, client-side code, and so forth.
Obtaining a Management Access Token
Your client credentials are never used to access resources directly but are instead used to obtain tokens that are then used to access resources.
This token carries authorization to access all functionality and data within your account. As with the client credentials, this token must be kept secret and should not be used by a public client such as a mobile app or web app.
You can obtain these tokens from our Identity Provider Auth0. You can request the token with the OAuth2 client credentials flow, using your client_id
and client_secret
.
Requesting a token is as simple as:
curl -X POST 'https://jedlix-b2e.eu.auth0.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={your client_id}' \
--data-urlencode 'client_secret={your client_secret}' \
--data-urlencode 'audience=https://smartcharging.jedlix.com'
You will receive the token in the response in the field access_token
. This is the token you need to pass on the request to the API in the Authorization
header.
For QA the audience should be https://qa-smartcharging.jedlix.com
.
Refreshing your access token
Your management access token is valid for 14 days and should be cached until it expires. Request a new access token using the method above before the expiration moment.
Scopes
The Smart Charging API uses scopes to authorize whether your Management Access Token has permission to access a specific resource. When relevant, the scope
required by each endpoint is listed in the documentation for that endpoint. You can check the scopes assigned to your access token by decoding your JWT token (for example, here).
Missing Scopes?
If you lack certain scopes you would expect to have access to, please contact our sales team for more information.
Accessing resources
Together with your API key, you are good to go and ready to interact with the API. When accessing resources, the Management Access Token should be provided in a Bearer Authorization header as specified in RFC6750
Example: Retrieve a list of users
curl -X GET 'https://smartcharging.jedlix.com/api/v1/users' \
--header 'ApiKey: ExampleApiKey' \
--header 'Authorization: Bearer c3VwZXJzZWNyZXR0b2tlbmhlcmU='
HTTPS required
All API requests must use HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
Updated 3 months ago