
TeslaFi and other AWS and GCP clients currently blocked access to Tesla API

There's a lesson in all this, do not establish a business model that relies on using an unofficial, undocumented, API, where the owner of that API hasn't given explicit consent to any third party to use it. AFAIK, all the non-Tesla apps, code in smart chargers, etc, that relies on the Tesla API is using it without Tesla's consent. There has to be a good reason for Tesla not wishing to publicly document their API, or acknowledge any of the third party users. Makes me wonder if this is just Tesla firing a warning shot across the bows of all of us that are using unofficial apps to get data from Tesla about our cars.
 
There's a lesson in all this, do not establish a business model that relies on using an unofficial, undocumented, API, where the owner of that API hasn't given explicit consent to any third party to use it. AFAIK, all the non-Tesla apps, code in smart chargers, etc, that relies on the Tesla API is using it without Tesla's consent. There has to be a good reason for Tesla not wishing to publicly document their API, or acknowledge any of the third party users. Makes me wonder if this is just Tesla firing a warning shot across the bows of all of us that are using unofficial apps to get data from Tesla about our cars.
That could well be correct. Just out of interest does that unofficial performance boost that you can buy use the API?
 
That could well be correct. Just out of interest does that unofficial performance boost that you can buy use the API?

Not as far as I know, it's a hardware add on that manages to unlock the extra performance and claims to be undetectable by over-the-air data access. They do warn that the module should be removed if the car goes in for service, I believe, in case there are any warranty issues around such a mod.
 
Not as far as I know, it's a hardware add on that manages to unlock the extra performance and claims to be undetectable by over-the-air data access. They do warn that the module should be removed if the car goes in for service, I believe, in case there are any warranty issues around such a mod.
Yeah, the add on plugs into the MCU and uses WiFi between the owner's device and the add on to control the signals sent to the MCU.
 
I can see this turning into a game of cat and mouse, if Tesla really do want to try and limit third party access. If app creators like Teslafi migrate away from AWS to another provider, it won't take long for Tesla to just block that provider's IP ranges, as they've done for AWS and Google.
 
Boy, Tesla must have been going crazy since TeslaFi came online....They were now having a product that actually showed the truth about how the car is reacting......now that they shut it down from accessing data, they can keep on lying about what we, the customer, can show is not normal activity....I am sure they were tired with having to deal with all the information that contradicts what they tell us.....so, what do we do now
 
I suspect they're finally rolling out 2FA, which would mean securing access - no point in having 2FA if any random with a token can access the car.

Hopefully they'll replace it with something useful (read only tokens etc.).. they can't be unaware of things like teslafi.
 
I suspect they're finally rolling out 2FA, which would mean securing access - no point in having 2FA if any random with a token can access the car.

Hopefully they'll replace it with something useful (read only tokens etc.).. they can't be unaware of things like teslafi.
This change has nothing to do with 2FA, it appears to be a restriction applied to a range of IP addresses. This is why TeslaMate users (such as myself) that host within our own home networks are not disrupted by the action taken by Tesla today.

Furthermore implementing 2FA would only cause issues for new logins, not where there are existing tokens... and it wouldn't take long for someone to reverse engineer the API changes and implement their own second-stage authentication page to permit it to continue working.
 
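The kind of check the post above describes, and the provider-hopping scenario raised earlier in the thread, as an added example that is not from any poster and not Tesla's code: a server-side filter that matches the client address against provider CIDR ranges. The prefixes are constructed documentation ranges, not real AWS/GCP/Azure ranges, and the names `BLOCKED_RANGES`, `compile_ranges` and `decide` are hypothetical.

```python
import ipaddress

# Constructed blocklist: documentation prefixes standing in for the ranges a
# cloud provider publishes. These are NOT real AWS/GCP/Azure ranges.
BLOCKED_RANGES = {
    "cloud-a": ["198.51.100.0/24", "2001:db8:a::/48"],
    "cloud-b": ["203.0.113.0/25"],
}


def compile_ranges(ranges):
    """Parse CIDR strings once; return (network, provider), most specific first."""
    compiled = [
        (ipaddress.ip_network(cidr), provider)
        for provider, cidrs in ranges.items()
        for cidr in cidrs
    ]
    compiled.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return compiled


def decide(client_ip, compiled):
    """Return 'deny:<provider>' if the address is in a blocked range, else 'allow'."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "deny:invalid-address"
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) must be judged as IPv4,
    # otherwise a dual-stack listener would let a blocked IPv4 client through.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for network, provider in compiled:
        if addr.version == network.version and addr in network:
            return f"deny:{provider}"
    return "allow"


if __name__ == "__main__":
    rules = compile_ranges(BLOCKED_RANGES)
    # Constructed clients: a cloud-hosted logger, a self-hosted home instance,
    # and a logger that has moved to a provider not yet on the list.
    for ip in ("198.51.100.7", "192.0.2.44", "203.0.113.200"):
        print(ip, decide(ip, rules))
    # The operator adds the new provider's range and the moved logger is blocked.
    rules = compile_ranges({**BLOCKED_RANGES, "cloud-c": ["203.0.113.128/25"]})
    print("203.0.113.200", decide("203.0.113.200", rules))
```

The filter keys only on the source address, so tokens issued earlier play no part in the decision and a home-hosted client outside the listed ranges is unaffected.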
This is on the TeslaFi main page now:

[Image attachment: upload_2020-9-10_22-23-47.png]
 
If they were to implement 2FA, allowing the existing tokens to continue to work would be silly - they're a massive hole in the system currently.

I hope they come up with a system that allows it to work.. proper oauth with restricted permissions would be nice, but they could equally just turn the whole thing off if they felt like it.. they've never made any attempt to stop anyone so far so I'd hope they won't go that route.
 
Boy, Tesla must have been going crazy since TeslaFi came online....They were now having a product that actually showed the truth about how the car is reacting......now that they shut it down from accessing data, they can keep on lying about what we, the customer, can show is not normal activity....I am sure they were tired with having to deal with all the information that contradicts what they tell us.....so, what do we do now
Wow, surprised Tesla would take such drastic actions. I can sort of see why, but wow.
 
If they were to implement 2FA, allowing the existing tokens to continue to work would be silly - they're a massive hole in the system currently.

I hope they come up with a system that allows it to work.. proper oauth with restricted permissions would be nice, but they could equally just turn the whole thing off if they felt like it.. they've never made any attempt to stop anyone so far so I'd hope they won't go that route.

That's true, they may invalidate the tokens at that stage.

However the underlying point remains the same - this is nothing to do with 2FA.
 
Unconfirmed reports of Azure hosted instances being blocked too. Oops.

Makes me glad I stuck with self-hosting on a Raspberry Pi. That will be talking to the Tesla servers from the same IP that's accessed my Tesla account several times, so it seems unlikely they will block that. If they did start blocking individual owners' IP addresses then they'd pretty soon get a lot of justifiable flak.

They could choose to change tactic and try and control the way that access tokens work, as at the moment there will be two tokens in use by me, one from the app and one from Teslamate. Given that some people may well have two or three devices legitimately linked to their account, this would be pretty challenging to block, though. I think those of us running Teslamate standalone at home are probably safe enough, at least for now.

I can see there being a flood of posts here before long asking about how to set up a Raspberry Pi and Teslamate . . .
 