Stay organized with collections
Save and categorize content based on your preferences.
What is a token?
Fleet Engine requires the use of JSON Web Tokens (JWTs) for API method calls
from low-trust environments: smartphones and browsers.
A JWT originates on your server, is signed, encrypted, and passed to the client
for subsequent server interactions until it expires or is no longer valid.
Key details
For more information about JSON Web Tokens, see JSON Web Tokens in
Fleet Engine Essentials.
How do clients get tokens?
Once a driver or consumer logs in to your app using the appropriate
authorization credentials, any updates issued from that device must use
appropriate authorization tokens, which communicates to Fleet Engine the
permissions for the app.
As the developer, your client implementation should provide the ability to do
the following:
- Fetch a JSON Web Token from your server.
- Reuse the token until it expires to minimize token refreshes.
- Refresh the token when it expires.
The AuthTokenFactory class generates authorization tokens at location update
time. The SDK must package the tokens with the update
information to send to Fleet Engine. Make sure that your server-side
implementation can issue tokens before initializing the SDK.
For details of the tokens expected by the Fleet Engine service, see Issue JSON
Web Tokens for Fleet Engine.
Example of an authorization token fetcher
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-27 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-27 UTC."],[[["\u003cp\u003eFleet Engine requires JSON Web Tokens (JWTs) for API calls from low-trust environments like smartphones and browsers, which are signed by a service account on your server.\u003c/p\u003e\n"],["\u003cp\u003eYour backend should use standard Application Default Credentials to authenticate with Fleet Engine.\u003c/p\u003e\n"],["\u003cp\u003eClient applications need to fetch, reuse, and refresh JWTs from your server for authorization when interacting with Fleet Engine.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eAuthTokenFactory\u003c/code\u003e class helps generate these authorization tokens, which are then included with location updates sent to Fleet Engine.\u003c/p\u003e\n"]]],["JSON Web Tokens (JWTs) are required for API calls from low-trust environments like smartphones and browsers. Clients fetch JWTs from the server upon user login and reuse them until expiry, refreshing them as needed. The `AuthTokenFactory` class generates tokens packaged with update information for Fleet Engine. Your server must use Application Default Credentials and appropriate service accounts to sign and issue JWTs, communicating app permissions to Fleet Engine. Client implementations must fetch, reuse, and refresh these tokens.\n"],null,["What is a token?\n----------------\n\nFleet Engine requires the use of **JSON Web Tokens** (JWTs) for API method calls\nfrom **low-trust environments**: smartphones and browsers.\n\nA JWT originates on your server, is signed, encrypted, and passed to the client\nfor subsequent server interactions until it expires or is no longer valid.\n\n**Key details**\n\n- Use [Application Default Credentials](https://google.aip.dev/auth/4110) to authenticate and authorize against Fleet Engine.\n- Use an appropriate service account to sign JWTs. See [Fleet Engine serviceaccount](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/service-accounts#fleet_engine_service_account_roles) roles in **Fleet Engine Basics**.\n\nFor more information about JSON Web Tokens, see [JSON Web Tokens](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/jwt) in\n**Fleet Engine Essentials**.\n\nHow do clients get tokens?\n--------------------------\n\nOnce a driver or consumer logs in to your app using the appropriate\nauthorization credentials, any updates issued from that device must use\nappropriate authorization tokens, which communicates to Fleet Engine the\npermissions for the app.\n\nAs the developer, your client implementation should provide the ability to do\nthe following:\n\n- Fetch a JSON Web Token from your server.\n- Reuse the token until it expires to minimize token refreshes.\n- Refresh the token when it expires.\n\nThe `AuthTokenFactory` class generates authorization tokens at location update\ntime. The SDK must package the tokens with the update\ninformation to send to Fleet Engine. Make sure that your server-side\nimplementation can issue tokens before initializing the SDK.\n\nFor details of the tokens expected by the Fleet Engine service, see [Issue JSON\nWeb Tokens](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/issue-jwt) for Fleet Engine.\n\nExample of an authorization token fetcher\n-----------------------------------------"]]
