Excellent find. API design is not my forte however I'm quite shocked that Tesla didn't use standard API conventions such as Oauth or SAML. However, in conversations with the lead engineer for Onstar, I believe GM took a similar route. Honestly, I'm more concerned about the segregation and trust...