Nissan

Developer Documentation

Request and receive connected-vehicle data directly from our APIs — under the EU Data Act, with owner consent at the core.

What Programmatic Access is

Programmatic Access lets your application request and receive vehicle data — historical, last-known, and real-time — directly from our APIs under the EU Data Act (EUDA). You register an integration once, receive credentials, and then call the data-request APIs to create requests, track their status, and retrieve delivered data.

Three things are true of every integration, and they shape everything else in this guide:

  • Access is read-only. The B2B integration realm is a zero-trust, read-only environment. You can request data about a vehicle; you cannot send commands to a vehicle (no door unlock, no engine start). Those capabilities live in a separate fleet realm and are not exposed here.
  • The vehicle owner is always in control. Data only flows after the owner has explicitly consented to the specific data you asked for, for the specific purpose you stated. You initiate; the owner approves. There is no path that bypasses owner consent.
  • The platform meters and bills automatically. Pricing, payment, and invoicing are enforced by the platform before any backend service runs. Your backend never handles pricing logic — you register a payment method and the platform does the rest.

If you have integrated with OAuth providers or other consent-gated data APIs before, the overall shape will feel familiar. The one concept that is easy to under-estimate — and the one that causes the most integration bugs — is consent as a first-class, owner-controlled lifecycle that is independent of your access tokens. The Consent section is the most important in this guide; read it before you write code.

How a data request works (the mental model)

There are three actors:

ActorWhoRole
You (the integrator)A B2B organization: insurer, leasing co., energy aggregator, repairer, mobility operator, data intermediaryInitiates data requests on behalf of, or with the permission of, a vehicle owner
The vehicle owner (B2C)The natural person linked to the VINGrants, denies, or revokes consent in their own secure portal
The platformNissan Connected Data Platform (NiCoDaP), the EUDA data-access platform on top of the connected-vehicle infrastructureValidates, gates, meters, bills, and delivers

Every request follows the same arc, regardless of integration model or data family:

Create request — VIN + package(s)
Owner consents in secure portal
3-Gate authorization (governance, scope, ownership)
Deliver data (file / JSON / stream)

The request does not return data synchronously at creation time. Creating a request returns a requestId and a status. You then either poll the status or subscribe to a webhook to learn when consent is granted and data is ready. Only when the request reaches APPROVED with consent GRANTED does data become retrievable.

The three authorization gates

Before any data is read, every request passes through a centralized compliance engine — three sequential gates. If any gate fails, the request is terminated immediately. You don't call these gates; they run for you. Knowing they exist explains why a request can be rejected even when your call is well-formed.

Data access request
Gate 1: Governance — entity allowed?
Gate 2: Consent scope — granted?
Gate 3: Ownership window — valid for dates?
Authorized — deliver
Any gate failing terminates the request immediately — no data is returned.
GateQuestion it answersWhat it checks
1 — GovernanceIs this B2B entity legally allowed to receive data?Global sanctions lists and the EUDA "gatekeeper" blocklist. Restricted entities are blocked.
2 — Policy (consent)Has the owner granted this specific scope?The requested package/scope against the active consent ledger for that VIN. Enforces data minimization.
3 — Dynamic (entitlement)Did this owner own this vehicle during the requested window?The temporal intersection of your request window and the owner's vehicle-ownership window, plus privacy-mode filters. Prevents leakage across previous/subsequent owners.

Gate 3 is why a historical request can succeed but return less data than the full date range you asked for: only the portion of the window during which the consenting owner actually owned the vehicle is eligible.

Data families: what you can request

Every service package belongs to one of three families. The family determines the delivery mechanism, the request endpoint, and the billing model. List the packages available to your account before creating a request (see the service-package catalog); use the returned package id values in your request body.

FamilyWhat it providesHow it's deliveredBilling
HistoricalTime-series history over a date range — one-off or recurring (periodic)Async file: zipped CSVs via a time-limited pre-signed download URLPrepaid per request (one-off); subscription (periodic)
Last Known ValueThe most recent known value(s); no date rangeSynchronous JSON, last-known valuePrepaid per call
Real-TimeLive telematics for an approved vehiclePull: read a resource snapshot on demand. Push: webhook events on state changeSubscription (aggregated monthly)

Notes that matter in practice:

  • Data availability is vehicle-dependent. For retrieving recorded values, a given vehicle supports either the Historical (time-series over a date range) option or the Last Known Value option — not necessarily both. Some vehicle models expose only the last-known-value service. Always rely on the service-package catalog and the package type to see what is actually available for your account and the vehicles you query, rather than assuming a vehicle supports historical.
  • Real-time delivery is event-driven, not a raw firehose. Subscriptions surface meaningful events — e.g., journey completed, charge-state changed, safety fault — rather than continuous raw pings. This protects your receiving infrastructure. Pull reads give you the latest known state on demand.
  • A resource can legitimately return no dataif the vehicle doesn't support it. For example, the charging resource returns 404 for non-EV (ICE) vehicles.
  • Very high-volume continuous telemetry is out of scope here. Webhook-based delivery is designed for self-serve SME-to-mid scale. If your run-rate or frequency needs grow past the threshold for managed streaming, that is a managed high-throughput streaming tier conversation — contact your account team rather than working around webhook limits.

Billing: how and when you are charged

Billing is enforced by the platform, not your backend. The model depends entirely on the data family / request type — not on whether the call came from an M2M backend or an app.

The prerequisite: a valid payment method

Your API credentials remain suspended until your B2B account has a complete billing profile and a valid default payment method (a credit or debit card). Until then, data-request calls are blocked. Add a payment method in account settings to activate.

Pricing tier

Pricing is rendered dynamically by account type:

  • SME — EUDA margin-free rate.
  • Large Enterprise — commercial rate.

You don't pass a price; the platform computes it from your account type and the requested package.

Workflow A — One-off historical & last-known (strict prepaid)

Request created
Pre-authorization hold for exact price
Owner consents
Payment captured + invoice issued
Extraction runs — download URL returned

A pre-authorization hold is placed for the exact price when the request is created. Payment is captured only at the moment consent is granted; if the owner never consents, the hold is released and nothing is charged.

Workflow B — Recurring subscriptions (periodic & real-time, postpaid aggregated)

Payment method validated
Owner consents
Subscription active — routing rule per VIN
1st of month: sum active consented VINs
Single consolidated charge

Because consented VINs can be added or revoked organically throughout the month, individual VINs are not charged per transaction. Instead, on the 1st of each month, an aggregated billing job sums all active, consented VINs for your account over the prior month and raises a single consolidated charge.

Invoices & retention

Invoices are generated at capture (Workflow A) or at the monthly aggregation (Workflow B) and are available in the portal. Financial records are retained for tax-compliance purposes independently of account deletion.

Design takeaway: for one-off/historical, expect a hold→capture sequence tied to consent; for subscriptions, expect a single monthly charge and design your reconciliation around the 1st-of-month aggregation rather than per-VIN events.

Choose your integration model: M2M vs. App (PKCE)

You pick the authorization model when you create the integration, and it cannot be changed afterwards. If you need both, create two integrations.

Server-to-Server (M2M)Authorization Code + PKCE (App)
Best forBackend services acting on behalf of your organizationApps acting on behalf of an individual vehicle owner
Grantclient_credentialsauthorization_code
Credentialsclient_id + client_secretclient_id only (public client + PKCE; no secret)
User loginNot requiredRequired (owner consents via browser redirect)
Redirect URLsNot usedRequired at registration; exact-match enforced
How consent is capturedOwner approves via emailed secure deep-linkOwner approves inline on the Nissan login/consent screen
Tokens used on readsaccess_token onlyaccess_token + X-Id-Token (dual-token)
API base path/cms/m2m/.../cms/oauth/...

Rule of thumb: if a human owner is present in your UX and you want them to authenticate and consent in the moment, use App (PKCE). If you're running unattended backend jobs against VINs your organization is permitted to act for, use M2M and rely on email-link consent capture. Both share the same package catalog, the same data-request lifecycle, and the same billing model.

Before you begin

Make sure the following are in place for your B2B account. Data requests are blocked until every gate below passes.

  • An active B2B account (not suspended), and your organization is not on a sanctions/gatekeeper blocklist (Gate 1).
  • A complete billing profile with a valid default payment method (a credit or debit card). Until this exists, your API credentials are suspended.
  • Accepted platform terms and Data Terms & Conditions.
If a request is rejected for account, billing, or T&C reasons, resolve it in account settings and retry. These are not transient errors — retrying without fixing the gate will fail again.

Development vs. production: a development account is sandboxed and vehicle-count-limited for PoC and pre-prod validation; a primary account runs live, contracted services. Build and validate against development first.

Create an integration & get credentials

From the Programmatic Access tab, choose Create Integration and complete the form:

  • Application name (3–50 characters).
  • Authorization model — M2M or Authorization Code. Immutable after creation.
  • Redirect URLs — required for Authorization Code. These are the only URLs the authorize step will redirect back to (exact match).
  • Purpose of the integration (shown to owners in the consent prompt).
  • Service packages you intend to request.
  • Accept the Data Terms & Conditions.

Submit to register. You can later update most fields, but the authorization model stays fixed.

Your credentials

After creation, credentials are shown once in a popup. Store them securely before closing it (you can also download a PDF summary).

  • M2M: a client_id and a client_secret (the secret is shown only once).
  • Authorization Code: a client_id only (no secret — security comes from PKCE).
Treat the client secret like a password.Never embed it in browser or mobile apps. If it's lost or leaked, regenerate it from the integration's actions menu — the old secret stops working immediately.

Browse the service-package catalog

A service package defines the data a request can access, and which family/billing it falls under. List what's available to your account before creating a request:

M2M

GET {API_BASE}/cms/m2m/accounts/{account_id}/service-packages?dataType=HISTORICAL|REAL_TIME

App (PKCE) — same shape, OAuth path + dual-token headers:

GET {API_BASE}/cms/oauth/accounts/{account_id}/service-packages?dataType=HISTORICAL|REAL_TIME

Each package returns at least an id, name, description, and type. Use the package id values in the packages array when you create a data request. The catalog is the source of truth for what a given vehicle/account supports — including whether historical time-series or only last-known-value reads are available (see Data families).

Quickstart A — Server-to-Server (M2M)

Backend service, no interactive login. Consent is captured via an emailed secure link to the owner.

  1. Your backend → Platform API: POST /cms/m2m/token (client credentials)
  2. Platform API → Your backend: access_token
  3. Your backend → Platform API: POST data-request (VIN, package, owner email)
  4. Platform API → Vehicle owner: Email secure consent link
  5. Platform API → Your backend: requestId, status = PENDING
  6. Vehicle owner → Platform API: Approve in secure portal
  7. Platform API → Your backend: Webhook CONSENT_GRANTED (or poll status)
  8. Your backend → Platform API: GET data (deliveries / resource)
  9. Platform API → Your backend: Pre-signed download URL or JSON

Step 1 — Get an access token

Exchange your account ID and client credentials for a bearer token:

curl
curl -X POST "{API_BASE}/cms/m2m/token" \
  -H "Content-Type: application/json" \
  -d '{
    "account_id": "YOUR_ACCOUNT_ID",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
  }'

The response contains an access_token and its expires_in lifetime. Send it on every subsequent call:

http
Authorization: Bearer <access_token>
Remember: a valid token is necessary but not sufficient to read data. Entitlement is consent-gated (see Consent).

Step 2 — Create a data request

Use the endpoint that matches the package family:

POST/cms/m2m/accounts/{account_id}/realtime/data-requests
POST/cms/m2m/accounts/{account_id}/historical/data-requests

A request identifies a vehicle (17-character vin), the vehicle user's email (used to notify the owner for consent), and one or more package id values. Historical requests also take requestType (ONE_OFF or PERIODIC), a date range, and — for periodic — a frequency. The exact field names and validation rules are in the API reference.

What happens behind the scenes: the platform runs synchronous validations (valid VIN, resolvable user, active ownership pairing, EUDA temporal limits — see Compliance constraints), creates a PENDING record, sets up the billing hold (Workflow A) or validates the payment method (Workflow B), and emails the owner a secure approval link. The call returns a requestId and status — no data yet.

Step 3 — Monitor the request

Poll the list endpoints (filter by vin, requestStatus, consentStatus, with paging), or subscribe to a webhook to be pushed status changes:

GET/cms/m2m/accounts/{account_id}/realtime/data-requests
GET/cms/m2m/accounts/{account_id}/historical/data-requests

Wait for requestStatus = APPROVED and consentStatus = GRANTED. See Data-request lifecycle & statuses.

Step 4 — Retrieve data

Historical — list deliveries, then fetch a time-limited download URL:

GET/cms/m2m/accounts/{account_id}/historical/data-requests/{requestId}/data-deliveries
GET/cms/m2m/accounts/{account_id}/historical/.../data-deliveries/{dataDeliveryId}/download

Real-time — once approved, read a telematics resource directly:

GET/cms/m2m/accounts/{account_id}/realtime/vehicles/{vin}/{resource}

See the real-time telematics catalog for valid {resource} values.

Quickstart B — Authorization Code + PKCE (App)

Use this when an individual owner authorizes your app. PKCE means no client secret.

  1. Your app: Generate PKCE verifier + challenge
  2. Your app → Platform API: Redirect owner to /authorize (challenge)
  3. Platform API → Nissan IdP: Redirect for login
  4. Vehicle owner → Nissan IdP: Authenticate
  5. Nissan IdP → Vehicle owner: Consent prompt
  6. Vehicle owner → Nissan IdP: Approve
  7. Platform API → Your app: Redirect to callback (auth code)
  8. Your app → Platform API: POST /cms/oauth/token (code + verifier)
  9. Platform API → Your app: access_token + id_token + refresh_token
  10. Your app → Platform API: GET data (Authorization + X-Id-Token)
  11. Platform API → Your app: Data

Step 1 — Generate a PKCE verifier and challenge (per authorization attempt)

javascript
// Keep the verifier private; send only the challenge to /authorize.
const verifier = base64url(crypto.getRandomValues(new Uint8Array(32)));
const digest = await crypto.subtle.digest(
  "SHA-256",
  new TextEncoder().encode(verifier)
);
const codeChallenge = base64url(new Uint8Array(digest));

Step 2 — Redirect the owner to the authorize endpoint

GET/cms/oauth/authorize
text
{API_BASE}/cms/oauth/authorize
  ?account_id=YOUR_ACCOUNT_ID
  &client_id=YOUR_CLIENT_ID
  &redirectUri=https://your-app.example.com/callback
  &codeChallenge=BASE64URL_SHA256_OF_VERIFIER
  &codeChallengeMethod=S256

The owner logs in via the Nissan IdP, sees the plain-language consent prompt for the scopes you requested, approves, and is redirected back to your redirectUri with an auth code.

redirectUri must exactly match one of the redirect URLs registered for the integration, or the request is rejected.

Step 3 — Exchange the code for tokens (on your callback, using the original verifier)

POST/cms/oauth/token
curl
curl -X POST "{API_BASE}/cms/oauth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "authorization_code",
    "code": "AUTH_CODE_FROM_CALLBACK",
    "redirect_uri": "https://your-app.example.com/callback",
    "client_id": "YOUR_CLIENT_ID",
    "code_verifier": "ORIGINAL_VERIFIER"
  }'

You receive an access_token, an id_token, and a refresh_token.

Step 4 — Call owner-scoped APIs with dual tokens

Every /cms/oauth/accounts/... call requires both headers:

http
Authorization: Bearer <access_token>
X-Id-Token: <id_token>

The owner-scoped endpoints mirror the M2M ones:

GET/cms/oauth/accounts/{account_id}/realtime/data-requests
GET/cms/oauth/accounts/{account_id}/historical/data-requests
POST/cms/oauth/accounts/{account_id}/realtime/data-requests
POST/cms/oauth/accounts/{account_id}/historical/data-requests
GET/cms/oauth/accounts/{account_id}/realtime/vehicles/{vin}/{resource}

Step 5 — Refresh tokens before they expire

The refresh token rotates on each use — store the new one each time:

POST/cms/oauth/token/refresh
curl
curl -X POST "{API_BASE}/cms/oauth/token/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "clientId": "YOUR_CLIENT_ID",
    "refreshToken": "YOUR_REFRESH_TOKEN"
  }'
Refreshing a token has no effect on consent.If the owner revoked consent or the term expired, refreshed tokens still won't return data — handle that as an expected condition, not a bug.

Data-request lifecycle & statuses

A request moves through several states as the owner consents and data is delivered. Poll the list endpoints or use webhooks to track it. These are the authoritative enums returned by the API:

FieldValues
requestStatusPENDING, ACTIVE, APPROVED, DECLINED, COMPLETED, REVOKED, CANCELLED, INVALID, EXPIRED
consentStatusPENDING, GRANTED, REVOKED, EXPIRED, DENIED, SUPERSEDED
package statusPENDING, GRANTED, DENIED, EXPIRED, REVOKED
requestTypeHISTORICAL, REAL_TIME, ONE_OFF, PERIODIC
frequencyMONTHLY, WEEKLY (periodic only)

The consent lifecycle, in brief:

TransitionWhen
PENDING → APPROVEDOwner grants
PENDING → DECLINEDOwner denies
PENDING → EXPIREDNo action in window
APPROVED → COMPLETEDOne-off delivered
APPROVED → REVOKEDOwner revokes
APPROVED → EXPIREDTerm ends

How to read the statuses together:

  • PENDING / consentStatus = PENDING — created, owner notified, awaiting action. No data.
  • APPROVED + GRANTED — the only state in which data is retrievable. Real-time reads and historical deliveries are available here.
  • DECLINED / consentStatus = DENIED — owner rejected. Terminal; initiate a new request if still needed.
  • EXPIRED (request) / consentStatus = EXPIRED — either the request lapsed before the owner acted, or the consent term ended. Terminal; create a fresh request.
  • REVOKED — owner revoked an active grant; data stops immediately. Terminal for that grant.
  • SUPERSEDED (consent) — a newer consent grant has replaced this one (e.g., re-scoped request).
  • COMPLETED — a one-off request whose delivery has been fulfilled.
  • INVALID / CANCELLED — failed validation (bad VIN, no ownership link, etc.) or was cancelled.
Don't gate your data reads on your token state. Gate them on requestStatus = APPROVED and consentStatus = GRANTED.

Retrieving data

Historical (file delivery)

Historical results are prepared asynchronously and delivered as zipped CSVs via a time-limited pre-signed download URL (session/IP- restricted). The flow:

  1. Request reaches APPROVED + GRANTED and (Workflow A) payment is captured.
  2. List deliveries: GET .../historical/data-requests/{requestId}/data-deliveries.
  3. Fetch the download URL: GET .../data-deliveries/{dataDeliveryId}/download.
  4. Download promptly — the URL expires.

If you created the request via API and subscribed to webhooks, you'll receive a delivery-ready event instead of needing to poll.

Last-known value

Last-known packages return the most recent known value(s) synchronously as JSON — no date range, no async file. Availability is vehicle-dependent (see Data families); expect a single response per call.

Real-time (pull)

Once APPROVED + GRANTED, read the latest known state of a resource on demand:

GET {API_BASE}/cms/{m2m|oauth}/accounts/{account_id}/realtime/vehicles/{vin}/{resource}

Real-time (push)

Subscribe a webhook to receive events on state change instead of polling. Real-time push is event-driven (e.g., journey completed, charge-state changed, safety fault).

Real-time telematics catalog

Real-time resources are read per vehicle via .../realtime/vehicles/{vin}/{resource}. Available {resource} values:

ResourceDescription
locationCurrent GPS position
cockpitOdometer, fuel/energy and cockpit readouts
chargingEV charging state (EV only; 404 for ICE vehicles)
hvacClimate / HVAC state
tirepressureTire pressure readings
occupancySeat occupancy / belt status
visibilityLights and visibility-related state
adasAdvanced driver-assistance state
behaviorDriving-behavior signals
securityDoors, locks and alarm state
healthstatusVehicle health / diagnostic status
A resource may return no data if the vehicle doesn't support it. charging returns 404 for non-EV (ICE) vehicles. This is expected, not an error in your integration.

Webhooks

Subscribe a webhook to receive push notifications instead of polling — for consent status changes, historical delivery readiness, and real-time events.

  1. Platform → Your endpoint: Challenge value
  2. Your endpoint → Platform: Echo challenge
  3. Platform: Save subscription (active)
  4. Platform → Your endpoint: POST event + X-NiCoDap-Sig (HMAC-SHA256)
  5. Your endpoint: Verify signature, then process

What you provide

  • A publicly reachable HTTPS callback URL.
  • An HMAC key (up to 32 characters) used to sign payloads so you can verify authenticity.

Manage subscriptions from the portal (or the webhook API, where available).

Registration handshake (ownership challenge)

When you register a callback URL, the platform verifies you own it before it will send events:

  1. The platform sends a challenge to your URL.
  2. Your endpoint must echo the challenge back in the response.
  3. On a match, the subscription is saved and set active.

Runtime delivery & signature verification

At runtime, the platform POSTs each event to your URL with an HMAC-SHA256 signature computed over the body using your shared HMAC key, carried in the X-NiCoDap-Sig header.

Always validate the signature before processing any payload. Recompute HMAC-SHA256(body, your_hmac_key) and compare to the header; reject on mismatch.

Events to expect

  • Consent lifecycle changes — e.g., consent granted, denied, revoked, expired (carrying the requestId).
  • Historical delivery ready — file download is available.
  • Real-time telemetry push — e.g., the telemetry-push event and event-driven topics such as journey completed, charge-state changed, and safety fault, depending on the subscribed package.
Real-time push is intentionally event-driven (aggregated, meaningful events) rather than raw high-frequency telemetry, to protect your receiving infrastructure.

Compliance constraints you must design for

These are EUDA/GDPR constraints enforced by the platform. Designing for them up front avoids confusing rejections and partial results.

Temporal limits on historical requests

  • Earliest requestable date: 12 September 2025 (EUDA effective date). You cannot request data older than this.
  • Maximum 90 days per historical request. Split longer ranges into multiple requests.
  • Lookback limited to ~3 years. Older history is not available.

Ownership / entitlement (Gate 3)

  • Data is only eligible for the portion of your requested window during which the consenting owner actually owned the vehicle. A valid request can therefore return a shorter window than asked.
  • Entitlement resolution differs by vehicle generation: for older generations an active ownership link suffices; newer generations additionally verify the active driver against the linked owner. The net effect for you: don't assume every request yields the full range — handle partial results.

Data minimization (Gate 2)

  • You receive exactly the packages/scopes the owner approved. Need more? Initiate a new request.

Governance (Gate 1)

  • Sanctioned or gatekeeper-designated entities are blocked at login and at request time.

Retention & deletion

  • Delivered files and decisions are retained as audit records under the platform's retention policy. Financial records persist for tax compliance even after account deletion.

Errors & troubleshooting

SymptomLikely cause / fix
401On /cms/oauth/accounts/... calls: missing or invalid X-Id-Token. Owner-scoped calls need both the access token and the id token.
401 token expiredRefresh with /cms/oauth/token/refresh (App) or request a new token (M2M).
Real-time read returns 4xx / no dataNo APPROVED request with GRANTED consent exists for that VIN/package yet — or consent was revoked/expired. Check requestStatus + consentStatus, not your token.
charging returns 404The vehicle is ICE (non-EV); charging is EV-only. Expected.
Historical result smaller than requested rangeGate 3 trimmed the window to the consenting owner's ownership period. Expected under EUDA.
Authorize rejects the redirectredirectUri does not exactly match a registered redirect URL.
Request blocked at creationAn onboarding gate failed: suspended account, incomplete billing / no valid payment method, unaccepted Data T&C, or a gatekeeper/sanctions block. Fix in settings; retrying without fixing will fail again.
Request goes INVALID immediatelyValidation failed — invalid VIN, unresolvable user email, or no active owner–VIN pairing.
Consent never granted, request EXPIREDOwner didn't act within the consent window. The link is dead; initiate a new request.
Download link doesn't workPre-signed URLs are time- and session/IP-limited. Re-fetch a fresh URL from the deliveries endpoint.
Webhook events not arrivingRegistration challenge wasn't echoed correctly, or your URL isn't reachable over HTTPS. Re-verify the subscription.
Charged differently than expectedOne-off/historical is prepaid (hold→capture on consent); subscriptions are billed via a single aggregated charge on the 1st. SME vs. Large rates differ.

Rate limits & operational notes

  • The API Gateway applies rate-limiting policies. Build in retry-with-backoff and treat 429 as transient.
  • Validate against a development account (sandboxed, vehicle-count-limited) before going to production.
  • Real-time/webhook delivery suits self-serve SME-to-mid volumes. If sustained run-rate or frequency grows beyond the platform's managed-streaming threshold, that's a managed high-throughput streaming tier conversation — contact your account team rather than working around webhook limits.
  • Token hygiene: store the rotating refresh token after every refresh (App); never ship the client secret to a client device (M2M).

Glossary

TermMeaning
Account IDYour B2B account identifier, used in API paths and the M2M token request.
Client ID / SecretIntegration credentials. The secret applies to M2M only.
VIN17-character Vehicle Identification Number.
PackageA catalog entry defining the data a request can access; consent and billing are granted at the package level.
Data familyHistorical, Last Known Value, or Real-Time — determines delivery and billing.
ConsentThe vehicle owner's explicit, scope-specific, time-bounded, revocable approval for a data request.
Consent vs. tokenTwo independent lifecycles. Tokens authenticate your client; consent authorizes data. Both must be valid.
3-Gate engineThe sequential governance → consent-scope → ownership-time authorization run on every data access.
EntitlementWhether the consenting owner owned the vehicle during the requested window (Gate 3).
Gatekeeper / blocklistEUDA-designated restricted entities blocked from receiving data (Gate 1).
PKCEProof Key for Code Exchange — secures the Authorization Code flow without a client secret.
Dual-tokenSending both Authorization: Bearer and X-Id-Token on owner-scoped (/cms/oauth/...) calls.
Pre-auth hold / captureA hold is placed at request time and captured when the owner consents (one-off/historical).
Aggregated billingA single monthly charge on the 1st covering all active, consented VINs (subscriptions).
SME / Large EnterpriseAccount tiers; SME gets the EUDA margin-free rate, Large the commercial rate.
Pre-signed URLA time- and session-limited download link for historical file deliveries.

API reference (Swagger)

The reference below is generated from the live OpenAPI specification. Use it for exact request/response schemas and to try endpoints interactively.

In the portal, the interactive Swagger UI is embedded below. The OpenAPI document is served (per environment) from:

{API_BASE}/cms/openapi-by-tag.json?tags=b2b-developer-data-requests,realtime-data