How do I update my REST API authentication method to OAuth 2?
Written by tado°
Updated over a week ago

Here is a quick guide to help you transition to the new authentication method.

Note: This article was intended for hobbyists and open-source projects to grant access to the API without any additional support from our technical team.

First you have to obtain an access token from:

https://auth.tado.com/oauth/token

using the following client credentials:

Client ID: public-api-preview
Client Secret: 4HJGRffVR8xb3XdEUQpjgZ1VplJi6Xgw

The request would look similar to the following:

POST https://auth.tado.com/oauth/token
Content-Type: application/x-www-form-urlencoded
Accept: application/json

client_id=public-api-preview&
client_secret=4HJGRffVR8xb3XdEUQpjgZ1VplJi6Xgw&
username=myUsername&
password=myPassword&
grant_type=password

Note that username and password need to be URL encoded. In particular, since the username coincides with your email address it needs to be encoded like `user%40email.com`, i.e. the ‘@’ character needs to be encoded as ‘%40’.

You will obtain a response in JSON format which looks like:

"access_token": "myAccessToken",
"refresh_token": "myRefreshToken",

Afterwards you can make any of your requests by passing the access token in the authorization header.

For example, the request from above would transform to:

GET https://my.tado.com/api/v2/me
Authorization: Bearer myAccessToken

Please note that this access token is valid for 10 minutes, so you can (and should) use the same token for multiple requests. This will make your integration run faster and prevent you from hitting any API rate limit on the authorization endpoint. Once your token expires you can simply obtain a new token, either by using the provided refresh token or going through the same flow again.
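The token reuse described above, as an added example that is not tado°'s own code: a small cache that requests a token once, reuses it for its 10-minute lifetime, renews it with the refresh token, and falls back to the password flow if that fails. The names `TokenCache` and `http_post`, the 30-second safety margin, and the refresh request shape (`grant_type=refresh_token`, the standard OAuth 2 form from RFC 6749) are assumptions; the article does not show them.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.tado.com/oauth/token"
CLIENT_ID = "public-api-preview"
CLIENT_SECRET = "4HJGRffVR8xb3XdEUQpjgZ1VplJi6Xgw"  # shared value from this article
TOKEN_LIFETIME = 600  # seconds; the article states 10 minutes
SAFETY_MARGIN = 30    # assumption: renew slightly before expiry

def http_post(url, body):
    """Default transport: POST a form body and parse the JSON response."""
    req = urllib.request.Request(url, data=body.encode(), headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Reuses one access token until it is about to expire."""
    def __init__(self, username, password, post=http_post, clock=time.monotonic):
        self._user, self._pw = username, password
        self._post, self._clock = post, clock
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _request(self, grant):
        fields = {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET, **grant}
        body = urllib.parse.urlencode(fields)  # '@' becomes %40, '&' becomes %26
        tok = self._post(TOKEN_URL, body)
        self._access = tok["access_token"]
        self._refresh = tok.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + TOKEN_LIFETIME - SAFETY_MARGIN

    def auth_header(self):
        """Return the Authorization header, renewing the token only when needed."""
        if self._access is None or self._clock() >= self._expires_at:
            try:
                if not self._refresh:
                    raise LookupError("no refresh token yet")
                self._request({"grant_type": "refresh_token",
                               "refresh_token": self._refresh})
            except (LookupError, OSError):
                # No usable refresh token: go through the password flow again.
                self._request({"grant_type": "password",
                               "username": self._user, "password": self._pw})
        return {"Authorization": f"Bearer {self._access}"}
```

Pass the result of `auth_header()` as the headers of each API request; keeping the password and tokens in memory only, and out of logs, limits what a leaked log file exposes.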

Note that there are many open-source libraries that can help with managing standard OAuth flows/authentication, so you may be able to use one of these to simplify how you call our API.

Also, feel free to share the client credentials with other developers. That way we will be able to easily distinguish our own apps from third party developers.
