Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Tesla API Token Generator

This site may earn commission on affiliate links.
As always, be cautious about entering your Tesla credentials into someone else's site. There is always the possibility of that site saving your creds. Not a knock on your site corey, but just a general warning.

Also, it would be better for your python script if you didn't enter the password as an argument in the command line as that is shown on the screen and if in *nix systems, is logged in a cmd line history. A better method would be to use getpass to have it prompt for the password and not have it visible on the screen.

Example:

import getpass
passwd = getpass.getpass()
 
  • Like
Reactions: israndy
Being a developer myself I too am always concerned about security with using a Site created by anyone else. Corey looks legit and good at what he does but even so I decided to use Postman to do this instead as I didn't want to have to write and code or install NPM packages or Python.

Step 1) Download Postman App to your PC of Mac from here: Download Postman
Step 2) Click import and enter this link: https://www.getpostman.com/collections/2fc311bd4ce4f5c52f6d
Step 3) Fill in your username and password
hxMABqC.png

Step 4) Click 'Send', Postman will make a request to the API and return a token
Step 5) Copy the token from the API response and use it

You should see there is no special code here and nothing custom it is just a pre-configured Postman request to help with getting a new token.

This is completely safe as you are just making a direct call to the Tesla API from your PC or Mac to get a token and are not using any 3rd party code or sites. Just be careful where you store/save the token.

Hope this helps.
 
Being a developer myself I too am always concerned about security with using a Site created by anyone else. Corey looks legit and good at what he does but even so I decided to use Postman to do this instead as I didn't want to have to write and code or install NPM packages or Python.

Step 1) Download Postman App to your PC of Mac from here: Download Postman
Step 2) Click import and enter this link: https://www.getpostman.com/collections/2fc311bd4ce4f5c52f6d
Step 3) Fill in your username and password
hxMABqC.png

Step 4) Click 'Send', Postman will make a request to the API and return a token
Step 5) Copy the token from the API response and use it

You should see there is no special code here and nothing custom it is just a pre-configured Postman request to help with getting a new token.

This is completely safe as you are just making a direct call to the Tesla API from your PC or Mac to get a token and are not using any 3rd party code or sites. Just be careful where you store/save the token.

Hope this helps.
 
I wonder, has nobody compiled this into a simple webpage or program to make this accessible for simple non-nerds? I think you solve a great security issue here...

Well, here's another solution that doesn't run on anyone's server, so no uploading your credentials or security concerns.

It doesn't require Python, Ruby, CURL, PHP, Postman, or using a command line in OSX or Linux.

It only requires the well-known browser plugin Tampermonkey for Chrome or Firefox (see: Tampermonkey) , and my one-line script available here:

About | Telsa API Token Generator | Userscripts | OpenUserJS

Once you install Tampermonkey, and install my script above (one click), just go to this Tesla API URL in your browser:

https://owner-api.teslamotors.com/oauth/token

The script will add a form to enter your credentials, and from the same Teslamotors.com domain, submit your credentials to the API and return the JSON with your token.
 
Last edited:
Another way without using Tampermonkey or third part websites:


1. Install the Apiary chrome web extension here:
https://chrome.google.com/.../cboekbiaoabkhgjdclenjpipcla...

(This extension lets you send requests to Tesla straight from your Chrome browser instead of going through some unknown third party!)

2. Go to https://timdorr.docs.apiary.io/...

(You should see "Console calls are private now" if you completed step #1)

3. Click "Add a new query parameter" and for "New item" type "grant_type" (without the quotes of course), hit TAB and "null" should be highlighted. Type "password"'.

grant_type is the name of the query parameter, while password is the value of the query parameter.

4. Repeat Step 3, but with each of these:
Name: client_id, value: 81527cff06843c8634fdc09e8ac0abefb46ac849f38fe1e431c2ef2106796384

Name: client_secret, value: c7257eb71a564034f9419ee651c7d0e5f7aa6bfbd18bafb5c5c033b093bb2fa3

Name: email, value: [email protected]
Name: password, value: YOUR TESLA password

5. Then click "Call Resource"

6. You should then see a "Response" section appear. Scroll down and look for:
"access_token": "abc123",

Copy all the text inside the second set of quotation marks (in the example that would be abc123)

That is your access token. You can use that to start your Teslafi account without giving them your login information.

A picture is worth a thousand words:
 

Attachments

  • 2018-08-01 15_15_06-Tesla Model S JSON API · Apiary.png
    2018-08-01 15_15_06-Tesla Model S JSON API · Apiary.png
    53 KB · Views: 540
Is there a similar method for listing and revoking tokens?

Being a developer myself I too am always concerned about security with using a Site created by anyone else. Corey looks legit and good at what he does but even so I decided to use Postman to do this instead as I didn't want to have to write and code or install NPM packages or Python.

Step 1) Download Postman App to your PC of Mac from here: Download Postman
Step 2) Click import and enter this link: https://www.getpostman.com/collections/2fc311bd4ce4f5c52f6d
Step 3) Fill in your username and password
hxMABqC.png

Step 4) Click 'Send', Postman will make a request to the API and return a token
Step 5) Copy the token from the API response and use it

You should see there is no special code here and nothing custom it is just a pre-configured Postman request to help with getting a new token.

This is completely safe as you are just making a direct call to the Tesla API from your PC or Mac to get a token and are not using any 3rd party code or sites. Just be careful where you store/save the token.

Hope this helps.
 
  • Like
Reactions: JohnnyG
Use the curl script, works great on my Mac in a Terminal window, and I don't have to worry about what the code does, it's all in the single command line. Pasted the updated token to EV-FW.com and it immediately got my newest update and listed it. Sweet

-Randy
 
Name: client_id, value: 81527cff06843c8634fdc09e8ac0abefb46ac849f38fe1e431c2ef2106796384

Name: client_secret, value: c7257eb71a564034f9419ee651c7d0e5f7aa6bfbd18bafb5c5c033b093bb2fa3

Just heads up -- I was writing my own script to do this and after repeated 401 replies from Tesla eventually discovered that these don't work.

These do:

'client_id':'e4a9949fcfa04068f59abb5a658f2bac0a3428e4652315490b659d5ab3f35a9e',
'client_secret':'c75f14bbadc8bee3a7594412c31416f8300256d7668ea7e6e7f06727bfb9d220',
 
  • Informative
Reactions: Dre78 and JohnnyG
Being a developer myself I too am always concerned about security with using a Site created by anyone else. Corey looks legit and good at what he does but even so I decided to use Postman to do this instead as I didn't want to have to write and code or install NPM packages or Python.

Step 1) Download Postman App to your PC of Mac from here: Download Postman
Step 2) Click import and enter this link: https://www.getpostman.com/collections/2fc311bd4ce4f5c52f6d
Step 3) Fill in your username and password
hxMABqC.png

Step 4) Click 'Send', Postman will make a request to the API and return a token
Step 5) Copy the token from the API response and use it

You should see there is no special code here and nothing custom it is just a pre-configured Postman request to help with getting a new token.

This is completely safe as you are just making a direct call to the Tesla API from your PC or Mac to get a token and are not using any 3rd party code or sites. Just be careful where you store/save the token.

Hope this helps.

When I import that I don't see the entries populated like you have in the screenshot. What am I missing here?