This section outlines how to securely authenticate and authorize access to the Gridio Connect API, both for backend systems and customer-facing applications.
Before proceeding, ensure you’ve obtained the following credentials from Gridio:
Request credentials by emailing [email protected].
All backend interactions with Gridio should be authenticated using the OAuth2 Client Credentials Flow.
POST <https://api.gridio.energy/oauth2/token>
Body needs to be application/x-www-form-urlencoded with the following fields
| Field | Value |
|---|---|
| grant_type | client_credentials |
| scope | scopes/backend |
| client_id | <client_id_here> |
| client_secret | <client_secret_here> |
Request can be also authorized via standard Basic Auth authentication with client_id and client_secret, eg:
🧪 Curl Example
curl -X POST [<https://api.gridio.energy/oauth2/token>](<https://api.gridio.energy/oauth2/token>) \\
-H "Content-Type: application/x-www-form-urlencoded" \\
-H "Authorization: Basic <base64(client_id:client_secret)>" \\
-d "grant_type=client_credentials&scope=scopes/backend"
✅ Sample Response
{
"access_token":"eyJraW…pHLypp_Ig",
"expires_in":3600,
"token_type":"Bearer"
}
ℹ️ No refresh token is issued. When the token expires, simply request a new one using the same credentials.
🌐 Customer Frontend Authorization
For frontend interactions — such as initiating a vehicle integration via the Gridio Connect UI — a separate authorization mechanism is used. Frontends are treated as untrusted environments and must not use backend access tokens.