The myConnectedFleet platform provides two authentication methods depending on the API you are using. This guide covers how to authenticate with each method.
1. Core API — Basic Authentication
This authentication method applies to the Core API.
The Core API uses HTTP Basic Authentication. Include your credentials directly in the Authorization header of every request.
Prerequisites
Contact your account manager to obtain:
- Username (clientId)
- Client Secret (clientSecret)
Combine your clientId and clientSecret with a colon separator and encode in Base64:
echo -n "clientId:clientSecret" | base64
Example result: Y2xpZW50SWQ6Y2xpZW50U2VjcmV0
Example Request
curl --request GET \
--url https://api.masternautconnect.com/connect-webservices/services/public/v1/customer/{customerId}/tracking/live \
--header 'Authorization: Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0' \
--header 'Content-Type: application/json'
| Header | Value | Description |
|---|---|---|
| Authorization | Basic <base64-encoded-credentials> | Your clientId and clientSecret encoded in Base64 |
| Content-Type | application/json | Required for requests with a body |
Keep your Client ID and Client Secret secure. Never expose them in client-side code or public repositories.
2. Other APIs — OAuth2 Bearer Token Authentication
This authentication method applies to the following APIs:
These APIs require an OAuth2 access token. Follow the steps below to obtain a token and use it in your requests.
Prerequisites
Contact your account manager to obtain:
- Client ID (clientId)
- Client Secret (clientSecret)
Step 1: Generate an OAuth2 Access Token
Make a POST request to the OAuth2 token endpoint.
Endpoint:
POST https://auth.masternautconnect.com/masternauth-oauth/oauth/accessToken
HTTP Headers:
| Header | Value | Description |
|---|---|---|
| Authorization | Basic <base64-encoded-credentials> | Your clientId and clientSecret encoded in Base64 |
| Content-Type | application/x-www-form-urlencoded | Required to pass the grant_type |
Create the Authorization Header:
Combine your clientId and clientSecret with a colon separator and encode in Base64:
echo -n "clientId:clientSecret" | base64
Example result: Y2xpZW50SWQ6Y2xpZW50U2VjcmV0
Request Body:
{
"grant_type": "client_credentials"
}
Example Request:
curl --location 'https://auth.masternautconnect.com/masternauth-oauth/oauth/accessToken' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0' \
--data-urlencode 'grant_type=client_credentials'
Response:
{
"success": true,
"accessToken": "B983854936PF1A7B61B141AB69494046",
"token_type": "bearer",
"expires_in": 2591999
}
| Field | Description |
|---|---|
| success | true if authentication was successful |
| accessToken | The OAuth access token to use in subsequent API requests |
| token_type | The token type; always bearer |
| expires_in | Token lifetime in seconds |
Step 2: Use the Access Token
Standard Bearer Token (Smart Tire, Tacho, Vehicle Check APIs)
Include the access token in the Authorization header using the Bearer scheme.
Example Request:
curl --request GET \
--url https://api.masternautconnect.com/connect-webservices/services/public/v1/customer/{customerId}/tire/events \
--header 'Authorization: Bearer B983854936PF1A7B61B141AB69494046' \
--header 'Content-Type: application/json'
Required Headers:
| Header | Value | Description |
|---|---|---|
| Authorization | Bearer <your-access-token> | Your OAuth2 bearer token |
| Content-Type | application/json | Required for requests with a body |
The Job Management API uses a custom header instead of the standard Authorization header.
Example Request:
curl --request GET \
--url https://api.masternautconnect.com/job-management/v1/customer/{customerId}/jobs \
--header 'x-connect-token: TOKEN B983854936PF1A7B61B141AB69494046' \
--header 'Content-Type: application/json'
Required Headers:
| Header | Value | Description |
|---|---|---|
| x-connect-token | TOKEN <your-access-token> | Your OAuth2 bearer token with TOKEN prefix |
| Content-Type | application/json | Required for requests with a body |
Note the TOKEN prefix before the access token value. This is required for the Job Management API.
Keep your Client ID, Client Secret, and access tokens secure. Never expose them in client-side code or public repositories.
Token Management Best Practices
- Token Expiration: OAuth tokens have a limited lifetime. Implement token refresh logic in your application.
- Secure Storage: Store client credentials and tokens securely using environment variables or secret management systems.
- Error Handling: Implement proper error handling for authentication failures and token expiration scenarios.
- Token Reuse: Cache and reuse valid tokens across multiple requests to minimize authentication overhead.
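A client-side token cache covering the expiration, reuse, secure-storage and error-handling points above, for both header styles. This is an added example, not myConnectedFleet code; the `TokenCache` class and its method names, the 60-second renewal margin and the `MCF_CLIENT_ID` / `MCF_CLIENT_SECRET` environment variable names are assumptions.

```python
import base64
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.masternautconnect.com/masternauth-oauth/oauth/accessToken"

def basic_header(client_id, client_secret):
    """Build the Basic credential: base64 of "clientId:clientSecret"."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

def fetch_token(client_id, client_secret):
    """POST grant_type=client_credentials and return the parsed JSON response."""
    req = urllib.request.Request(
        TOKEN_URL,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": basic_header(client_id, client_secret),
                 "Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds one access token in memory and renews it before expires_in elapses."""

    def __init__(self, fetch=None, clock=time.monotonic, skew=60):
        # Credentials are read from the environment (variable names are assumptions).
        self._fetch = fetch or (lambda: fetch_token(
            os.environ["MCF_CLIENT_ID"], os.environ["MCF_CLIENT_SECRET"]))
        self._clock, self._skew = clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = self._fetch()
            if not body.get("success") or not body.get("accessToken"):
                raise RuntimeError("token request rejected")  # do not log the body
            self._token = body["accessToken"]
            self._expires_at = self._clock() + int(body["expires_in"]) - self._skew
        return self._token

    def invalidate(self):  # call when an API rejects the token, then retry once
        self._token = None

    def headers(self, job_management=False):
        if job_management:  # Job Management API: custom header with TOKEN prefix
            return {"x-connect-token": "TOKEN " + self.token()}
        return {"Authorization": "Bearer " + self.token()}
```

The `fetch` and `clock` parameters exist so the cache can be exercised offline; in production, construct `TokenCache()` with no arguments and share one instance per process.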