Enhanced Authorisation Security for Developers

We have introduced PKCE (Proof Key for Code Exchange) as a new standard for secure logins on the Volvo Cars Developer Portal. Combined with the use of client secrets, this advancement ensures a more robust and secure authentication process for your applications.

What’s New?

• PKCE Implementation: Adds an additional layer of security by preventing interception during the authorisation process.
• Client Secret Enforcement: Strengthens authentication by requiring both a dynamic proof key and a confidential client secret.

Why This Matters?

• Enhanced Security: Protects your integration from potential threats such as code interception attacks.
• Seamless Developer Experience: Combines security with ease of use for a smoother login process.
• Future-Ready: Aligns with industry best practices for OAuth 2.0 authentication.

What You Need to Do

• Read the official technical documentation here: https://developer.volvocars.com/apis/docs/authorisation/#proof-key-for-code-exchange
• Update your applications to support PKCE if they don’t already.
• Ensure your client secrets are securely stored and implemented.

For detailed instructions, visit our PKCE Authentication Guide in the Developer Portal. Start using these enhancements today to keep your applications and user data secure!