You can install our site as a web app on your iOS device by utilizing the Add to Home Screen feature in Safari. Please see this thread for more details on this.
Note: This feature may not be available in some browsers.
How does one revoke the tokens?May still revoke the tokens
Just change your Tesla password.How does one revoke the tokens?
Hey everybody, thanks for your interest in Carmiq. I'm Haydn, one of the co-founders. Of course, user security is a paramount consideration of ours. The authorization process is a standard 'OAuth' that is hosted on Tesla servers. Therefore, we never have access to view/store the Tesla account credentials. When you input your account credentials, we receive the same token that provides temporary and limited access to the account. This is the same process used when you sign up to a site using Facebook or Google. While allowing users to input a token is a possibility, doing so does not actually provide any security advantages and requires users to generate their own token (through a different third-party site).
Many of Carmiq's features rely on individual data from users' Teslas, which is why we require this information to sign up. All vehicle API calls are done through the official Tesla fleet API's, which we have been granted a license to use. Furthermore, all features/data-sharing must be explicitly opted in to by the user. Carmiq will never spam you with ads for services or share your data without your permission.
If anybody has any additional questions, please respond below or direct message me and I'll be happy to answer.
Thanks!
Thanks for the feedback. Unfortunately, Tesla has not yet developed its own authentication window yet. However to clarify, allowing users to input their own tokens would not increase security. When somebody enters the credentials on the page, they are saved in local memory until the form is submitted. At that point, it is sent to Tesla which verifies and grants/denies the token. At no point is the information accessible by Carmiq. Therefore, allowing users to input their own token adds friction while creating a misleading narrative that inputting the token is more secure.
I'd like to understand your warning.Whoooaaa. I know this thread is old and the service seems dead, but I just have to bring attention to this for current readers. If anyone used this service, please change any accounts that use a same or similar password to the one given to Carmiq (your Tesla password).
I'd like to understand your warning.
Are you saying that giving a password to a bad actor is dangerous because passwords tend to be similar or identical ?
I'll agree with you there, but then giving a password of that type to any one carries the same risk.
I did not sign up for Carmiq and I don't have any skin in this game. However, I also don't see any evidence that Carmiq is/was a bad actor. Going out of business is not a red flag.
Not without access to one's email. Hopefully, EVERYONE has turned on Two Factor Authentication on their email considering how many places allow you to reset your password by clicking reset and responding to an email you received, making your email a target for hackers.Your email and password can be changed
Not without access to one's email. Hopefully, EVERYONE has turned on Two Factor Authentication on their email considering how many places allow you to reset your password by clicking reset and responding to an email you received, making your email a target for hackers.