TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker and becoming a Supporting Member. For more info: Support TMC
  1. TMC is currently READ ONLY.
    Click here for more info.

Tesla API Token Generator

Discussion in 'Model S' started by MarcusMaximus, Jan 6, 2017.

Tags:
  1. Mobsidian

    Mobsidian Member

    Joined:
    Oct 31, 2017
    Messages:
    135
    Location:
    Ajax, ON
    Nevermind. I tried on a mac and it worked. Thanks!
     
  2. ramonneke

    ramonneke Active Member

    Joined:
    Apr 26, 2018
    Messages:
    3,418
    Location:
    Rotterdam
    I'm using the curl statement but getting the following response:

    Code:
    {"response":"authorization_required_for_txid_``"}
    
    I'm using :

    Code:
    curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW" -F "grant_type=password" -F "client_id=e4a9949fcfa04068f59abb5a658f2bac0a3428e4652315490b659d5ab3f35a9e" -F "client_secret=c75f14bbadc8bee3a7594412c31416f8300256d7668ea7e6e7f06727bfb9d220" -F "email=USER_YOUR_EMAIL" -F "password=USER_YOUR_PASSWORD" "https://owner-api.teslamotors.com/oauth/token"
    
     
  3. ramonneke

    ramonneke Active Member

    Joined:
    Apr 26, 2018
    Messages:
    3,418
    Location:
    Rotterdam
    Ok issue was that my tesla account was blocked.
     
    • Like x 1
  4. HankLloydRight

    HankLloydRight No Roads

    Joined:
    Jan 18, 2014
    Messages:
    12,795
    Location:
    Connecticut
    #64 HankLloydRight, Nov 26, 2018
    Last edited: Nov 26, 2018
    Ok, I've just added some new enhancements to my secure Tesla API Token Generator

    To recap, you can generate an API token using my script and only sending your credentials directly to Tesla. No middleman. No variables to set up. No script editing. No command line. Just a few clicks to install the script. Works in any modern browser.

    See my original post here for simple install directions here: Post #47

    I've now added the ability to view/download all your referral information that you can see in the Loot Box, but here you can get access to it all in a web page without using the mobile app or the TESLA ACCOUNT page. Includes order date, delivery date, and name of each referrer.

    I've also added the ability to load/display your 'Loot Box' just like it is displayed in the mobile app.

    The script also can download all the information for any vehicles linked to your car. A quick and dirty way to check /api/1/vehicles and /data.

    If you've already installed the script, just go to your Tampermonkey Dashboard and click on the "Last Updated" column to install the latest version:

    upload_2018-11-26_16-45-7.png

    That's it. Then all you need to do is go to Tesla's own website to get started: https://owner-api.teslamotors.com/oauth/token

    upload_2018-11-26_16-51-56.png
     
  5. chitroneogy

    chitroneogy New Member

    Joined:
    Mar 28, 2019
    Messages:
    1
    Location:
    massachusetts
    Hello I am having the same issue and same message. How did you unblock your account?
     
  6. TheDon

    TheDon Member

    Joined:
    Jun 26, 2019
    Messages:
    62
    Location:
    Southern California
    Cool Tampermonkey plugin! I did notice that it thinks there are error in syntax for the $ in the code. (Along with using some dot notation and cookie not being defined.) Using 4.8.41 of TamperMonkey.
     
  7. HankLloydRight

    HankLloydRight No Roads

    Joined:
    Jan 18, 2014
    Messages:
    12,795
    Location:
    Connecticut
    So you’re saying it does not work for you? I’m not sure why that would be.
     
  8. HankLloydRight

    HankLloydRight No Roads

    Joined:
    Jan 18, 2014
    Messages:
    12,795
    Location:
    Connecticut
  9. TheDon

    TheDon Member

    Joined:
    Jun 26, 2019
    Messages:
    62
    Location:
    Southern California
  10. HankLloydRight

    HankLloydRight No Roads

    Joined:
    Jan 18, 2014
    Messages:
    12,795
    Location:
    Connecticut
    You can ignore those parse warnings (they’re just warnings, not actual errors) .. it’s because jQuery $ isn’t defined until it actually runs in the browser.
     
  11. TheDon

    TheDon Member

    Joined:
    Jun 26, 2019
    Messages:
    62
    Location:
    Southern California
    Cool. I am not familiar with this programming environment. Just wanted to be sure it was good. How do you develop with these things showing up all the time?
     
  12. HankLloydRight

    HankLloydRight No Roads

    Joined:
    Jan 18, 2014
    Messages:
    12,795
    Location:
    Connecticut
    They’re just suggestions, not critical. Also TM scripts are short. It’s not really a development environment, it’s a code insertion tool.
     
  13. Gwgan

    Gwgan Almost a wagon

    Joined:
    Aug 11, 2013
    Messages:
    2,836
    Location:
    Maine
    Bump query. Two cars, two drivers, two phones—I’d rather not change passwords as often as I might want to revoke an access code.
    Trying to use iOS Shortcuts to execute revoke without success. Getting an access code works fine. Any tips on syntax?
     
  14. darth_vad3r

    darth_vad3r Well-Known Sith

    Joined:
    May 6, 2019
    Messages:
    1,574
    Location:
    Canada
    #74 darth_vad3r, Oct 7, 2019
    Last edited: Oct 7, 2019
    My curl command that worked (I think) had:

    -F "token=$access_token" "https://owner-api.teslamotors.com/oauth/revoke"

    What are you trying?

    EDIT: Hmm... I can't remember if that worked or an iOS shortcut that required a further tweak.

    I do remember there being some small difference vs what the API 'docs' said online.

    EDIT2: I think maybe the API docs didn't mention you having to include the normal auth header, but you do (or vice versa)

    -H "Authorization: Bearer $access_token" -F "token=$access_token" "https://owner-api.teslamotors.com/oauth/revoke"

    ?? ... nah, I think it was the form data part I had to add to get it to work, I was always including auth ??

    LOL. Once you get it to work post back!
     
  15. Bob Denny

    Bob Denny Member

    Joined:
    Feb 20, 2020
    Messages:
    110
    Location:
    Mesa, AZ
    Bravo the curl command worked first time.
     
  16. Ostrichsak

    Ostrichsak Active Member

    Joined:
    Sep 6, 2018
    Messages:
    3,178
    Location:
    Colorado, USA
    For me, this was the easiest and most secure of all methods posted. Thanks.

    I noticed when generating an API token that there was an option to "Log Out/Delete Token" and I'm wondering if there's an easy way to do this down the road at any point w/o changing my Tesla.com password? Say I want to revoke access to that one single API token w/o revoking others or needing to change my password. Is there a way to access this option in the future to either list tokens and what device/application they've been used to access & select which ones to revoke or (at minimum) a way to manually enter a token that you've saved elsewhere in your own list and revoke it's access privileges?
     
    • Like x 1
  17. Randy Spencer

    Randy Spencer Active Member

    Joined:
    Mar 31, 2016
    Messages:
    3,101
    Location:
    Alameda, CA
    #77 Randy Spencer, Jul 5, 2020
    Last edited: Jul 5, 2020
    Doesn't Tesla make you change the password anyway periodically? I just use my Apple built-in password manager. Whenever I am unhappy with an app I connected to my TM3 I just reset it and update it in the Tesla app and TezLab and I put the token in EV-FW.com. Then I know where I am at.

    Though I tend to forget to update my wife's phone.

    Would have been nice if I had done that before realizing I left my phone in the car when we were on a hike this week. Could have locked the car from her phone remotely instead of just hoping the car was still there when we got back... Apple needs to update the password manager for everyone in the family or at least give me access from my Watch.
     
  18. HankLloydRight

    HankLloydRight No Roads

    Joined:
    Jan 18, 2014
    Messages:
    12,795
    Location:
    Connecticut
    You're welcome!

    I'm not 100% certain, but I do not think there's any way to invalidate a specific token, only that all current tokens are expired when you change your password. If there is, someone please show us how.
     
  19. RTPEV

    RTPEV Member

    Joined:
    Mar 21, 2016
    Messages:
    804
    Location:
    Durham, NC
    Use the refresh token received when you got your access token to refresh your token.

    This should invalidate the original access token.
     
  20. Ostrichsak

    Ostrichsak Active Member

    Joined:
    Sep 6, 2018
    Messages:
    3,178
    Location:
    Colorado, USA
    So that means if I have multiple apps I want a token for I use the same API token for each one. Getting a new token will revoke the previous one so I'd need to use that new token in all apps I previously had a token for, right?
     

Share This Page

  • About Us

    Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.
  • Do you value your experience at TMC? Consider becoming a Supporting Member of Tesla Motors Club. As a thank you for your contribution, you'll get nearly no ads in the Community and Groups sections. Additional perks are available depending on the level of contribution. Please visit the Account Upgrades page for more details.


    SUPPORT TMC