Identify which scopes your application needs (e.g., read_vehicle_info, read_odometer, control_security) and consult the Smartcar permissions reference to confirm which makes/models support each scope
Build the authorization URL with the required query parameters: response_type=code, client_id, redirect_uri, scope (space-delimited), and state for CSRF protection
Optionally include make-specific flags such as the make parameter to pre-select the brand in Smartcar Connect and skip the brand-picker step
Handle the redirect callback: validate the state parameter, then POST the authorization code to the token endpoint with client credentials to receive access and refresh tokens
Store the returned vehicle ID alongside the tokens; use GET /v2.0/vehicles to enumerate all vehicles the user consented to if multiple vehicles are expected
Known gotchas
Some OEMs (notably GM-branded vehicles) require the user to have an active connected-services subscription before Smartcar can access the vehicle — this manifests as a token exchange error or empty vehicle list
The redirect_uri must exactly match a URI registered in your Smartcar dashboard; trailing slashes or protocol mismatches cause silent failures
Single-select mode limits the user to one vehicle per consent flow; if you expect fleets, ensure mode=select is not forcing single selection
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp