Authentication
All requests to the Dash Open API are authenticated using a Bearer token. You obtain the token by exchanging a client_key + client_secret pair at the token endpoint.
Keep your secret server-side. A leaked client_secret can mint live tokens and dispatch real vehicles. Treat it like a database password. The Next Portal can't reset or rotate a secret today — if you suspect one is exposed, contact the Dash team.
Client credentials
Find your credentials in the Dash Next Portal — the API Keys for Host to Host card in Sandbox mode, or under Developers → API Key on Production. Each environment (Sandbox, Production) issues its own pair.
SAMPLE_CLIENT.Token endpoint
- Request
- 200 OK
- 401 Unauthorized
- 400 Bad Request
curl https://api.dashelectric.co/v1/auth/providers/token \
-H "Content-Type: application/json" \
-d '{
"client_key": "SAMPLE_CLIENT",
"client_secret": "random_and_unique_secret_key"
}'
{
"token": "random_and_unique_token"
}
{
"status": 401,
"message": "Tidak punya akses"
}
{
"status": 400,
"message": "Terjadi kesalahan pada isian",
"errors": [
{ "field": "client_key", "message": "Bidang client_key tidak boleh kosong" }
]
}
Bearer authentication
Pass the token in the Authorization header on every subsequent request:
- Header
- cURL
- Node.js
Authorization: Bearer <your_access_token>
curl https://api.dashelectric.co/v1/deliveries/DE-1727921269869 \
-H "Authorization: Bearer $DASH_TOKEN"
const res = await fetch(
"https://api.dashelectric.co/v1/deliveries/" + deliveryID,
{ headers: { Authorization: `Bearer ${token}` } }
);
Sandbox vs Production
Both environments share the same host. The credential pair you exchange decides which one your token belongs to.
next-portal.dashelectric.co. Real drivers, real charges. Use the production credential pair.The legacy sandbox-api.dashelectric.co host was deprecated on 21 May 2026 and will start returning 410 Gone on 21 Nov 2026. New integrations must use the unified base URL.