Download OpenAPI specification:
You can use the Authentication API to obtain Urban Sharing API authentication tokens. Tokens have a limited lifetime and must be refreshed at regular intervals. Before using the Authentication API, you must obtain API credentials from Urban Sharing. The API credentials include a Client ID and a Client Secret. Each client ID is valid for one Urban Sharing Fleet system and can be used to access multiple APIs. Which APIs are accessible depends on which roles you are granted. It is possible to request multiple client IDs for the same system if required.
| Date | Version | Notes |
|---|---|---|
| Thu Feb 15 2024 | 1.1.0 | Add OAuth endpoints Renamed auth/token endpoint to auth/me |
| Tue Aug 15 2023 | 1.0.0 | Initial release |
To obtain an authentication token, send a POST request to http://auth.api.urbansharing.com/auth/token. This is the only endpoint that does not require a valid token in the Authorization header. All other API requests must include a valid token in the Authorization header. e.g.
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRJZCI6ImFwaV8xREhneXo3RHA0YkRYTXVJWktLb3hPMHkiLCJyb2xlcyI6WyJhcGkxIiwiYXBpMiJdLCJzeXN0ZW1JZCI6InRlc3Qtc3lzdGVtIiwiaWF0IjoxNjg4NjI4MDA4LCJleHAiOjE2ODg2MjkwMDh9.WtAnY1WR28U8NEZDePRpr-3UiHpTjB07GOXKp2dfeasIf the token is valid, the request will be processed. If the token is invalid, the request will be rejected with a 403 Forbidden response.
You can use curl to obtain a JWT token. Tokens expire after 60 minutes.curl -X POST https://auth.api.urbansharing.com/auth/token \
-H 'Content-Type: application/json' \
-d '{ "grantType": "client_credentials", "clientId": "your_client_id", "clientSecret": "your_client_secret" }'An authentication token is required to access Urban Sharing APIs. To request a token, provide a valid client ID and client secret credentials. API credentials can be obtained from Urban Sharing.
| grantType required | string Value: "client_credentials" Grant Type must always be "client_credentials" |
| clientId required | string A client ID can be obtained from Urban Sharing |
| clientSecret required | string A client secret can be obtained from Urban Sharing |
{- "grantType": "client_credentials",
- "clientId": "client576576",
- "clientSecret": "secret565ee65"
}{- "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
- "tokenType": "Bearer",
- "expiresIn": 3600,
- "expiresAt": "2021-01-01T00:01:00.000Z"
}Authenticate directly with service account credentials.
| accountId required | string The service account id |
| accountSecret required | string The service account secret |
{- "accountId": "asa_1234",
- "accountSecret": "my-account-secret"
}{- "token": "eyJhbGciOiJIUz...36POk6yJV_adQssw5c"
}Authenticate directly with an existing idtoken.
| provider required | string Enum: "google" "microsoft" Example: google The OAuth provider to use for authentication. |
| token required | string The third party id token, signed by the provider. |
{- "token": "eyJhbGciOiJIUz...36POk6yJV_adQssw5c"
}{- "token": "eyJhbGciOiJIUz...36POk6yJV_adQssw5c"
}Redirects to the OAuth provider for authentication.
| provider required | string Enum: "google" "microsoft" Example: google The OAuth provider to use for authentication. |
| redirect required | string Example: redirect=https://www.urbansharing.com The URL to redirect to after authentication. |
Returns data for the current authenticated user/token.
| uowid | string A globally unique unit of work ID generated by the client which allows Urban Sharing to track requests through our systems. If no header is provided it will be generated automatically at the time of arrival. The header and ID will be returned in the response. |
{- "id": 0,
- "sub": "api_1MpxBhayYfJP3r4p107i185E",
- "role": "bearer",
- "iat": 1700000000,
- "exp": 1700000000,
- "attrs": {
- "clientId": "api_1MpxBhayYfJP3r4p107i185E",
- "systemId": "oslobysykkel",
- "roles": [
- "maas",
- "operations"
]
}
}