The myConnectedFleet platform uses OAuth2 authentication. This guide covers how to obtain an access token and how to use it with different APIs.
1. Generating an OAuth2 Access Token
All API access requires an OAuth2 access token. Follow this process to obtain one.
Prerequisites
Contact your account manager to obtain:
- Client ID (
clientId)
- Client Secret (
clientSecret)
Request an Access Token
Make a POST request to the OAuth2 token endpoint.
Endpoint:
POST https://auth.masternautconnect.com/masternauth-oauth/oauth/accessToken
| Header | Value | Description |
|---|
Authorization | Basic <base64-encoded-credentials> | Your clientId and clientSecret encoded in Base64 |
Content-Type | application/x-www-form-urlencoded | Required to pass the grant_type |
clientId and clientSecret with a colon separator and encode in Base64:
echo -n "clientId:clientSecret" | base64
Y2xpZW50SWQ6Y2xpZW50U2VjcmV0
Request Body:
{
"grant_type": "client_credentials"
}
curl --location 'https://auth.masternautconnect.com/masternauth-oauth/oauth/accessToken' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0' \
--data-urlencode 'grant_type=client_credentials'
{
"success": true,
"accessToken": "B983854936PF1A7B61B141AB69494046",
"token_type": "bearer",
"expires_in": 2591999
}
| Field | Description |
|---|
success | true if authentication was successful |
accessToken | The OAuth access token to use in subsequent API requests |
token_type | The token type, will always be bearer |
expires_in | Token lifetime in seconds |
Keep your Client ID, Client Secret, and access tokens secure. Never expose them in client-side code or public repositories.
2. Bearer Token Authentication
This authentication method applies to the following APIs: Authorization header using the Bearer scheme.
Example Request:
curl --request GET \
--url https://api.masternautconnect.com/connect-webservices/services/public/v1/customer/{customerId}/tracking/live \
--header 'Authorization: Bearer B983854936PF1A7B61B141AB69494046' \
--header 'Content-Type: application/json'
| Header | Value | Description |
|---|
Authorization | Bearer <your-access-token> | Your OAuth2 bearer token |
Content-Type | application/json | Required for requests with a body |
The Job Management API uses a custom header instead of the standard Authorization header.
Example Request:
curl --request GET \
--url https://api.masternautconnect.com/job-management/v1/customer/{customerId}/jobs \
--header 'x-connect-token: TOKEN B983854936PF1A7B61B141AB69494046' \
--header 'Content-Type: application/json'
| Header | Value | Description |
|---|
x-connect-token | TOKEN <your-access-token> | Your OAuth2 bearer token with TOKEN prefix |
Content-Type | application/json | Required for requests with a body |
Note the TOKEN prefix before the access token value. This is required for the Job Management API.
Token Management Best Practices
- Token Expiration: OAuth tokens have a limited lifetime. Implement token refresh logic in your application.
- Secure Storage: Store client credentials and tokens securely using environment variables or secret management systems.
- Error Handling: Implement proper error handling for authentication failures and token expiration scenarios.
- Token Reuse: Cache and reuse valid tokens across multiple requests to minimize authentication overhead.
