http://www.programmableweb.com/news/how-to-use-undocumented-apis-to-hack-your-tesla/how-to/2016/02/25 How to Use Undocumented APIs to Hack Your Tesla Feb. 25 2016 Doron Katz
[image http://www.programmableweb.com/sites/default/files/Screen%20Shot%202016-02-25%20at%2012.57.06.jpg Tesla is not just an automaker, but also a technology and design company with a focus on energy innovation. (source: Tesla) ] Tesla is considered the geekster’s car of cars, based on founder Elon Musks’s vision of creating an all-electric vehicle that does not compromise on performance. Founded in 2003 in Silicon Valley, Tesla has rolled out numerous vehicles. In 2012 Tesla launched the Model S sedan, a 100% electric vehicle capable of accelerating from 0 to 60 in 5 seconds. Of course, developers are eager to create some funky apps that will make the expensive Tesla vehicles even more connected. Musk has said that Tesla Motors is indeed working on an SDK, with the potential to open up a platform for third-party developers to create Internet-connected apps and making Tesla vehicles even more "gadgety." The official SDK is expected to be delivered sometime in 2016. In the meantime, there is an unofficial JSON API for the Tesla Model S that can remotely monitor and control certain aspects of the vehicle. Of course, as an unoffical, community-driven API, it can break at any time. But, to explore the potential of APIs on the Tesla platform, we will walk through the unofficial API--testing its capabilities and determining the kinds of apps it can enable. Overview of the API The unofficial JSON API consists of three main categories, the Login/Authentication module, the Vehicle List and Information category and the Vehicle Command category. Login/Authentication The first API endpoint we need to get familiar with is authentication, which allows users to authenticate using the owner’s login credentials. After authentication, the system returns an access_token. Using the following client id and secret code, we send a POST request, as follows: Client ID:=e4a9949fcfa04068f59abb5a658f2bac0a3428e4652315490b659d5ab3f35a9e Secret=c75f14bbadc8bee3a7594412c31416f8300256d7668ea7e6e7f06727bfb9d220 The POST URL is: https://owner-api.teslamotors.com/oauth/token You pass in the following parameters in the call: grant_type: password client_id: client id above client_secret: secret above email: email of owner password: password of owner Returning the access token, you then store and use the access_token in the header of all future API calls. The returned header would look like: Content-Type:application/json The body return would look like: { "access_token": "abc123", "token_type": "bearer", "expires_in": 7776000 } Calling other API endpoints, in the two other categories, you would include in the header something like: Authorization: Bearer {abc123} //abc123 is the access_token from before Vehicle Information The first category of endpoints relates to vehicle information--in particular, vehicle collection, which lists all the vehicles owned by the user, and vehicle settings. To return a list of vehicles owned by the user, including those shipped, you pass in the access_token retrieved in the authorization call. The response would look like something below: { "response": [ { "color": null, "display_name": null, "id": 321, "option_codes": "MS01,RENA,TM00,DRLH,PF00,BT85,PBCW,RFPO,WT19,IBMB,IDPB,TR00,SU01,SC01,TP01,AU01,CH00,HP00,PA00,PS00,AD02,X020,X025,X001,X003,X007,X011,X013", "user_id": 123, "vehicle_id": 1234567890, "vin": "5YJSA1CN5CFP01657", "tokens": [ "x", "x" ], "state": "online" } ], "count": 1 } You can also relatively easily retrieve various settings and the status of the user’s vehicle, including. charge state of the car, mobile access, climate settings, vehicle state driving and position To get the current state of the vehicle battery, you would use: https://owner-api.teslamotors.com/api/1/vehicles/vehicle_id/data_request/charge_state You get a surprisingly decent amount of information back: { "response": { "charging_state": "Complete", // "Charging", ?? "charge_to_max_range": false, // current std/max-range setting "max_range_charge_counter": 0, "fast_charger_present": false, // connected to Supercharger? "battery_range": 239.02, // rated miles "est_battery_range": 155.79, // range estimated from recent driving "ideal_battery_range": 275.09, // ideal miles "battery_level": 91, // integer charge percentage "battery_current": -0.6, // current flowing into battery "charge_starting_range": null, "charge_starting_soc": null, "charger_voltage": 0, // only has value while charging "charger_pilot_current": 40, // max current allowed by charger & adapter "charger_actual_current": 0, // current actually being drawn "charger_power": 0, // kW (rounded down) of charger "time_to_full_charge": null, // valid only while charging "charge_rate": -1.0, // float mi/hr charging or -1 if not charging "charge_port_door_open": true } } Vehicle Commands What fun is having a beast of a car like the Tesla if you can’t throw commands at it? Some of the commands the Tesla S can receive include: Wake up the Car Set Charge Limit Start/Stop Charging Honk Horn Lock/Unlock Doors Set Climate Move Pano Roof Remote Start Open Trunk For all of the POST endpoints below, you will get the response of true or false, to indicate whether the command was successfully received or not. Starting the car (which requires the car to be driven within two minutes of request) can be accomplished by simply calling: https://owner-api.teslamotors.com/api/1/vehicles/vehicle_id/command/remote_start_drive?password=password Moving the Pano Roof can be accomplished by calling: https://owner-api.teslamotors.com/api/1/vehicles/vehicle_id/command/sun_roof_control?state=state&percent=percent Summary Of course, there are many more endpoints you can explore, and, if you are part of the exclusive Tesla S owners club, tyou can go ahead and test out these methods today, However, the stability of the unofficial Tesla S JSON API means anything can break at anytime. Tesla has promised to deliver the official SDK sometime in 2016. More than likely, it will support all of the endpoints found in the unofficial API. But, we are even more excited to discover what other functionality an official Tesla SDK may introduce. [© programmableweb.com] For EVLN EV-newswire posts use: http://evdl.org/evln/ {brucedp.150m.com} -- View this message in context: http://electric-vehicle-discussion-list.413529.n4.nabble.com/How-to-Use-Undocumented-APIs-to-Hack-Your-Tesla-EV-tp4680662.html Sent from the Electric Vehicle Discussion List mailing list archive at Nabble.com. _______________________________________________ UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub http://lists.evdl.org/listinfo.cgi/ev-evdl.org Read EVAngel's EV News at http://evdl.org/evln/ Please discuss EV drag racing at NEDRA (http://groups.yahoo.com/group/NEDRA)
