Online Authorization API

Introduction

The eConnect API can be used to grant access to a parking area for user/driver who are registered with one or more external mobility service providers and/or other customer loyalty schemes provider. It describes the endpoint interface that such a 3rd party service provider must implement to be able to participate in the eConnect online authorization protocol scheme. The authorization medium is the license plate number which need to be processed and maintained in a detailed pattern to ensure correct identification in a multi-regional setting (as used in Germany).

Explore APIs

Online Authorization - External Services Granting Access to a Parking Area

The entry lane device with camera detects the car via loop or by camera classification. The parking system is designed to maintain a fast recognition of the license plate and authorization so that the driver does not have to wait before the gate.
The entry lane checks in the backend business parameters like current capacity of the parking area (whether the parking area has free capacity or is occupied), or if the detected license plate or presented QR code is a registered user. Note: if the driver/user is registered in the parking system backend, no external authorization is initiated.
The parking system backend sends an authorization response to the connected 3rd party service provider. (Note: Timeout is 8 seconds, expected response shall be initiated not later than avg 250ms so that the information can be displayed at signs in the lanes for driver/user convenience)
The 3rd party service provider checks the parking media (license plate number or QR code) in its internal master data and response accordingly with "GRANTED" or "DECLINED" or “NOTFOUND".
The parking system initiates the following actions:
- Response "GRANTED":
  The lane device triggers a sign with information for the driver/user and opens the barrier. A parking transaction will be generated. The parking system adjusts the counters.
- Response "DECLINED":
  The lane device does not raise the barrier. An internal exception is generated to notify the parking operator. Usually the driver/user needs to push the intercom or in a commercial parking facility (not in a parkoneer environment) can enter as a short-term parker.
- Response "NOTFOUND":
  The lane device does not raise the barrier. An internal exception is generated to notify the parking operator. Parking operator can review the camera detected license plate and adjust it. The exception process re-triggers a new authorization.
Upon entry to the parking area which is detected by a leave loop or camera with direction trajectory, an event of this status change is sent to the 3rd party service provider.

Authentication via S&B's eConnect Interface

Authentication for the eConnect API interface does not use Basic Authentication or OAuth 2.0. Instead, it relies on a third-party service implementing the AuthCode flow. To successfully authenticate, the 3rd party service provider needs to provide the following information:

Token Endpoint URL
The URL where the access token can be requested.
Client ID
The unique identifier assigned to the application.
Client Credentials
The secret or credential associated with your Client ID, required to securely obtain access tokens.

Business Terms

Term	Definition	Comment
Product	Provides the business context where and when and how to park	Can be used to differentiate groups for different parking policies
Product Group	Aggregates similar products like all employee parking products	Represented by a BusinessObjectID
Facility	Physical parking areas are facility. Facility name: Name of the facility set during configuration Facility ID: UUID which identifies the facility Location ID: Proprietary Identification ID of the facility	Master data in module “Locations”
Capacity	Physical number of parking spaces for a facility	Master data in module “Locations”
Contingent	Allowed number of parking spaces (capacity) per weekday	Master data in module “Locations”

Premises and References

	Requirement	Comment
API Spec	econnect API V3.0.1
XML / JSON	Only XML
Header	X-Parking-Aggregator: SB X-Mobility-Provider: Integer set by 3rd party	pre-shared legacy for identifying 3rd party service provider
Format of LPN (Identification List)	`<identification>` `<id>MGSB123</id>` `<mediaType>LICENSEPLATE</mediaType>` `<encoding>NATIVE</encoding>` `<mediaLpn>` `<qualityFactor>1</qualityFactor>` `<country>DEU</country>` `<region>MG</region>` `</mediaLpn>` `</identification>`	License plate is in capital alphanumerical letters. Quality factor describes the quality of recognition.
id	Unique id identifying this authorization request. This is used for idempotency of messages and for later matching of responses.	Issued by the leading system, usually a UUID.
authType	Enum Type of authorization to be granted	ENTRY: user would like to enter the car park EXIT: user would like to leave the car park PAYMENT:user would like to use the id for discount and/or payment purposes. DOOR: user would like to access car park through a door
timestamp	ISO8601 date/time information of when the event occurred
locationId	Unique reference of the car park, parking facility	pre-shared
businessTransactionId	String Unique transactional reference (UUID) identifying a parking transaction, e.g. entry or exit	generated by the entry or exit device to separate a parking entry or exit transaction at the lane device
customerToken	Integer (max. 8 digits)	A unique identifier for the user/driver provided by the 3rd party service. Must remain identical for same driver/user.
responseCode	String Result of the authorization processing by 3rd party service	GRANTED: Requested operation allowed DECLINED: Requested operation refused NOTFOUND: No user/driver found with given media id’s
quotaGroup	String Reference to a quota group for counting occupancy in the car park	NON_RESERVED: Short-term parking RESERVED: Registered parking PREBOOKED: used for bookings, e.g. visitors
rateCode	String Reference (BusinessObjectID) to the type of parking / parking product for commercial parking or car access	Pre-shared

Use Cases

The synchronization of consumers (which are parking in a car park) is based on CRUD operations for a single consumer or a list of consumers using solely the Consumer API.
If a POST method is called and the c is found in the parking system, the existing record is updated with the new data.

#	Use Case	Parking System	3rd Party Service	Description
1	Service available		get /version	Check if service is available
2	Grant entry	put /authorizations	receives a REST request	Receive authorization request from parking system
3	Grant exit	put /authorizations	receives a REST request	Receive authorization request from parking system
4	Entry or exit confirmation	put /events	receives a REST request	Receive status change information from parking system upon vehicle physically entering/exiting the parking area
5	Record of closed parking transactions	put /transactions	receives a REST request	All information of the closed parking transaction. Used in commercial parking to invoice driver/user.

eConnect API

Entry - Example Request Body of the Parking System

<?xml version="1.0" encoding="UTF-8"?>
<authRequest>
	<id>da68f494-9c37-475e-b57b-7ba012a2c9ad</id>
	<timeStamp>2025-11-05T06:00:42.289Z</timeStamp>
	<authType>ENTRY</authType>
	<identificationList>
		<id>MGSB001</id>
		<mediaType>LICENSEPLATE</mediaType>
		<encoding>NATIVE</encoding>
		<mediaLpn>
			<qualityFactor>98</qualityFactor>
			<country>DEU</country>
			<region>MG</region>
		</mediaLpn>
	</identificationList>
	<locationId>SB1001.1001.040125</locationId>
	<businessTransactionId>a249c784-93d9-44ed-a3ef-f28a64538b47</businessTransactionId>
</authRequest>

Entry - Example Response of 3rd Pary Service, e.g., Dock & Yard System (Entry Granted)

<?xml version="1.0" encoding="UTF-8"?>
<authResponse>
	<id>aab888d3-0001-4842-b93e-a6d3e6737a87</id>
	<reference>da68f494-9c37-475e-b57b-7ba012a2c9ad</reference>
	<timeStamp>2025-11-05T06:00:42.292Z</timeStamp>
	<customerToken>1848435133</customerToken>
	<authType>ENTRY</authType>
	<locationId>SB1001.1001.040125</locationId>
	<responseCode>GRANTED</responseCode>
	<responseMessage>string</responseMessage>
	<quotaGroup>NON_RESERVED</quotaGroup>
	<rateCode>0</rateCode>
	<paymentPolicy>COLLECT_LOCAL</paymentPolicy>
	<identificationList>
		<id>MGSB001</id>
		<mediaType>LICENSEPLATE</mediaType>
		<encoding>NATIVE</encoding>
		<mediaLpn>
			<qualityFactor>98</qualityFactor>
			<country>DEU</country>
			<region>MG</region>
		</mediaLpn>
	</identificationList>
	<displayText>string</displayText>
	<authorizationProvider>
		<id>DY</id>
		<name>Dock and Yard</name>
	</authorizationProvider>
	<businessTransactionId>a249c784-93d9-44ed-a3ef-f28a64538b47</businessTransactionId>
</authResponse>

Exit - Example Request

<?xml version="1.0" encoding="UTF-8"?>
<eventList>
	<id>da68f494-9c37-475e-b57b-7ba012a2c9ad</id>
	<timeStamp>2025-11-05T06:18:53.521Z</timeStamp>
	<eventType>ENTRY</eventType>
	<customerToken>1848435133</customerToken>
	<locationId>SB1001.1001.040125</locationId>
	<businessTransactionId>a249c784-93d9-44ed-a3ef-f28a64538b47</businessTransactionId>
</eventList>

Introduction​

Explore APIs​

Online Authorization - External Services Granting Access to a Parking Area​

Authentication via S&B's eConnect Interface​

Business Terms​

Premises and References​

Use Cases​

eConnect API​

Entry - Example Request Body of the Parking System​

Entry - Example Response of 3rd Pary Service, e.g., Dock & Yard System (Entry Granted)​

Exit - Example Request​