Easy Connect
Before interacting with the HanchuESS Connect APIs, the customer must give permission to use their assets. This must be achieved using industry-standard OAuth2.0.
Generally, the process is as follows:
The user selects the device to connect to in the partner's customer-facing app.
The user is redirected to the HanchuESS OAuth2.0 web view.
The user logs in with their HanchuESS account.
The user reads all permissions granted to the partner and the related Connect privacy information.
The user confirms their consent.
The HanchuESS OAuth2.0 flow will then redirect the user to the RedirectURL that was provided in the original URL call. The response parameters for the redirect call include an authorization_code.
Note: The RedirectURL must support custom schemes, which allow a mobile device to use a deep link for the redirect (e.g. partner://partner.tech/redirect).
The HanchuESS backend will receive the authorization_code and call the partner OAuth2.0 token endpoint to exchange the authorization_code for access and refresh tokens.
The partner's backend will call the OEM's OAuth2.0 token endpoint to refresh the access token when it has expired.
Notes
Access tokens expire in 1 hour and refresh tokens expire in 30 days.
By default, the refresh token is not immediately invalidated when tokens are refreshed, so that if something goes wrong with the refresh process, the previous refresh token can be used to retry.
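Partner-side token handling that follows the lifetimes and the retry behaviour in the Notes above. This is an added example, not HanchuESS code: `refresh_call` is a hypothetical callable standing in for the POST to the OAuth2.0 token endpoint, `flaky_endpoint` is a constructed offline stand-in, and the `access_token`/`refresh_token` response fields, the 60-second margin and a new refresh token being issued on every refresh are assumptions.

```python
import time
from dataclasses import dataclass

ACCESS_TTL = 60 * 60             # access token lifetime from the Notes: 1 hour
REFRESH_TTL = 30 * 24 * 60 * 60  # refresh token lifetime from the Notes: 30 days
SKEW = 60                        # assumption: refresh one minute before expiry

class ReauthorizationRequired(Exception):
    """Refresh token expired: the user must go through the consent flow again."""

@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    issued_at: float             # when both tokens were issued (epoch seconds)

class TokenManager:
    def __init__(self, tokens, refresh_call, clock=time.time, attempts=2):
        self.tokens, self._refresh_call = tokens, refresh_call
        self._clock, self._attempts = clock, attempts

    def access_token(self):
        age = self._clock() - self.tokens.issued_at
        if age < ACCESS_TTL - SKEW:
            return self.tokens.access_token          # still valid, no network call
        if age >= REFRESH_TTL:
            raise ReauthorizationRequired("refresh token older than 30 days")
        last_error = None
        for _ in range(self._attempts):
            try:
                # Always send the last refresh token that was stored successfully.
                new = self._refresh_call(self.tokens.refresh_token)
            except OSError as exc:   # failed refresh: stored token is unchanged
                last_error = exc
                continue
            # Commit the new pair only after a complete, successful response.
            self.tokens = TokenSet(new["access_token"], new["refresh_token"], self._clock())
            return self.tokens.access_token
        raise last_error

def flaky_endpoint():
    """Constructed stand-in for the token endpoint: the first response is lost."""
    calls = []
    def refresh(refresh_token):
        calls.append(refresh_token)
        if len(calls) == 1:
            raise ConnectionError("response lost in transit")
        return {"access_token": f"at-{len(calls)}", "refresh_token": f"rt-{len(calls)}"}
    return refresh, calls
```

Because the previous refresh token is not immediately invalidated, a superseded refresh token should be protected in storage and logs like the current one.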