Getting started

Welcome to the Pon.Bike Developer Portal

This guide will help you get started with the Pon.Bike APIs, designed in line with the EU Data Act to ensure secure, transparent, and user-controlled access to bike data.

Understanding Audiences

The Pon.Bike ecosystem supports two main audiences:

  • Bike Owners (Individuals): Control access to their bike data. They decide which applications can access their data and which scopes (permissions) are granted.

  • Third Parties (Companies): Build applications and services that use bike data to deliver insights or added value.

Both audiences play a key role in ensuring secure and meaningful data sharing.

Step 1: Create a Developer Account

Register on the Pon.Bike Developer Portal.

  • During signup, answer a few onboarding questions.

  • If you represent an organization, ensure you have the proper authorization before proceeding.

Step 2: Register Your Application

After creating your account:

  1. Log in and go to My Apps.

  2. Add your application name and a short description.

  3. Copy the Client ID generated — you’ll need it in Step 3.

Step 3: Request Data Access & Get an Access Token

Bike data is granted per bike.

  • The bike owner authorizes access to their data.

  • They select the scopes (permissions) your app requests.

  • This ensures transparency and keeps owners in control.

Your application obtains this access through the OAuth 2.0 Authorization Code Flow with PKCE:

PKCE: Code Verifier & Code Challenge

  1. Generate a random string (the code verifier)

    • Minimum 43 characters, maximum 128

    • Characters: letters, digits, -._~

    Example (code verifier):

    dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

  2. Create a SHA256 hash of the code verifier.

  3. Base64URL-encode the hash (no padding).
    This becomes your code challenge.

1. Redirect User to Authorize

Send the user to the authorization endpoint:

GET https://stg-consumer.login.pon.bike/authorize
  ?audience=https://data-act.connected.pon.bike/
  &response_type=code
  &client_id=<YOUR_CLIENT_ID>
  &scope=openid offline_access
  &redirect_uri=<YOUR_REGISTERED_REDIRECT_URI>
  &code_challenge=<YOUR_CODE_CHALLENGE>
  &code_challenge_method=S256

  • client_id → from Step 2

  • scope → permissions requested

  • redirect_uri → must match what you registered in the Developer Portal

  • code_challenge → derived from your PKCE code verifier

After login and consent, the user is redirected back to your redirect_uri with an authorization code.

2. Exchange Code for Tokens

Exchange the authorization code for an access token at the token endpoint:

POST https://consumer.login.pon.bike/oauth/token

Request body (x-www-form-urlencoded):

grant_type=authorization_code
client_id=<YOUR_CLIENT_ID>
code=<AUTHORIZATION_CODE>
redirect_uri=<YOUR_REGISTERED_REDIRECT_URI>
code_verifier=<YOUR_CODE_VERIFIER>

Response:

{
  "access_token": "<token>",
  "refresh_token": "<token>",
  "id_token": "<token>",
  "expires_in": 86400,
  "token_type": "Bearer"
}

  • Use the access_token to call Pon.Bike APIs.

  • Use the refresh_token to renew tokens without requiring user login.

Step 4: Explore Documentation

Visit the Documentation section for:

  • Detailed API references

  • Integration guides

  • Troubleshooting tips and best practices

Need Help?

  • Check our FAQ for quick answers.

  • Reach out through our contact options for personalized support.