TeslaFi and other AWS and GCP clients currently blocked access to Tesla API

[webbah]

I don't want to change hosting I am using AWS lambda, AWS API gateway and Dynamo DB so I am pretty heavily locked into AWS without a major re-write and a lot more cost. I guess i will need to look at a proxy.

Yeah, that would suck! I'm spinning up a small Debian 10 VM on Bahnhof just to test. Shouldn't take too long to import my Teslamate backup. And I see no reason why I can't run both instances for now (one at home and one at Bahnhof) for testing. We'll see how it goes.

 

[BMW740iL]

Yeah, that would suck! I'm spinning up a small Debian 10 VM on Bahnhof just to test. Shouldn't take too long to import my Teslamate backup. And I see no reason why I can't run both instances for now (one at home and one at Bahnhof) for testing. We'll see how it goes.

You can only get data on one instance. Also related to Tesla api iirc. I tried to run Teslamate both on rPi and in GCP when switching to Google Cloud but then didnot get the drives etc on my Teslamate on rPi

 

[webbah]

You can only get data on one instance. Also related to Tesla api iirc. I tried to run Teslamate both on rPi and in GCP when switching to Google Cloud but then didnot get the drives etc on my Teslamate on rPi

Ok cool. Thanks for letting me know. I'll shut down the docker instance at home while testing. I can always shuttle backups between the two before deciding which way to go.

 

[Glan gluaisne]

If this is deliberate, rather than just collateral damage as a consequence of Tesla shutting off Google and AWS for other reasons, then it would make a lot of sense for Tesla to either develop their own app, that has the same functionality as Teslamate, TeslaFi etc, or come to some licensing deal to allow access for third party app developers. Because of the potential security issues with doing the latter, I'd prefer it if Tesla came up with an app.

The third party app developers have already shown there's a big demand, and the current Tesla app is a bit limited, so something with the same sort of functionality as TeslaFi, but including full vehicle control, would, I'm sure, be received well. Even if they charged a subscription for the extended app features I think it would still go down well. I'd probably pay for such a service, rather than keep running a RPi with Teslamate, as I only run the latter because I don't feel comfortable sharing my Tesla account details with a third party.

 

[beatle]

Yes, looks like it's back. I think there will be some cat and mouse going on now as trackers work to hide their identity. I can see Tesla later blocking access from other providers as well based on access patterns that differ from what an app user might have.

It's sad, really. I'm sure it's because they're tired of people using this information against them to highlight faults in the car. However, I find that API access via a 3rd party site is one of the best features of the car that lets me track my charging history, how much money vs. gas I have saved, what my charging efficiency is, and how far I can actually drive on a charge, among other things. It's also good for a laugh when I charge at a family member's house and they ask to know how much to bill me for the electricity I've used. This would all be tedious at best and virtually impossible at worst to calculate myself.

 

[Jason71]

If this is deliberate, rather than just collateral damage as a consequence of Tesla shutting off Google and AWS for other reasons, then it would make a lot of sense for Tesla to either develop their own app, that has the same functionality as Teslamate, TeslaFi etc, or come to some licensing deal to allow access for third party app developers. Because of the potential security issues with doing the latter, I'd prefer it if Tesla came up with an app.

The third party app developers have already shown there's a big demand, and the current Tesla app is a bit limited, so something with the same sort of functionality as TeslaFi, but including full vehicle control, would, I'm sure, be received well. Even if they charged a subscription for the extended app features I think it would still go down well. I'd probably pay for such a service, rather than keep running a RPi with Teslamate, as I only run the latter because I don't feel comfortable sharing my Tesla account details with a third party.

Agree and Same here. I would pay a fair price though bundling it with premium connectivity might work as a model.
The AWS serverless setup I have was great for me virtually free and totally resilient........or so I thought

 

[emmz0r]

Yeah! I'm going back to Audi so that I can use Audifi.com

I think you can use VW's API, even if it's not official, it still works

 

[Durzel]

Been digging into this for most of the morning.

Didn't get particularly far setting up a site-to-site VPN tunnel between my GCP instance and another bit of kit I've got. The objective there was to route all of the internet traffic through that, so as to transparently stop TeslaMate using GCP's IPs to make requests of the Tesla API (which is blocked now anyway).

Skimmed over the TeslaMate code - it uses Finch which is a lightweight HTTP client, with no proxy options. Rewriting that side of things to use something else, with HTTP proxy support, etc would be fiddly, and not knowing the Elixir programming language and being vaguely competent with Docker I don't really know where to start.

...which leaves migrating the whole Docker she-bang off GCP onto something else. This might end up being the only practical option, but could be a cat and mouse game, particularly as TeslaMate advertises itself when making API requests, so would be trivial for Tesla to block.

 

[DaveW]

Been digging into this for most of the morning.

Didn't get particularly far setting up a site-to-site VPN tunnel between my GCP instance and another bit of kit I've got. The objective there was to route all of the internet traffic through that, so as to transparently stop TeslaMate using GCP's IPs to make requests of the Tesla API (which is blocked now anyway).

Skimmed over the TeslaMate code - it uses Finch which is a lightweight HTTP client, with no proxy options. Rewriting that side of things to use something else, with HTTP proxy support, etc would be fiddly, and not knowing the Elixir programming language and being vaguely competent with Docker I don't really know where to start.

...which leaves migrating the whole Docker she-bang off GCP onto something else. This might end up being the only practical option, but could be a cat and mouse game, particularly as TeslaMate advertises itself when making API requests, so would be trivial for Tesla to block.

I've got it up and running on Digital Ocean, as you say for how long is an unknown. I've put a very brief guide on the TeslaMate update thread, if you use the referral link at least you won't have spent any money if they do kill that access off soon too (I used someone else's, so also covered for a while).

 

[Durzel]

Thanks, will take a look. Were you able to lift the whole thing, data included, with no issues?

 

[DaveW]

Thanks, will take a look. Were you able to lift the whole thing, data included, with no issues?

Yep, installed it (docker is pre-installed when you first choose you are building a docker app) so you install from Docker Compose onwards.

I did two new subdomains, rather than move the old ones.

I then took this mornings backup from google drive, sftp'd it over, restored it and it's now up and running.

 

[BMW740iL]

Yep, installed it (docker is pre-installed when you first choose you are building a docker app) so you install from Docker Compose onwards.

I did two new subdomains, rather than move the old ones.

I then took this mornings backup from google drive, sftp'd it over, restored it and it's now up and running.

Thanks for this write up

 

[BMW740iL]

On Github this alternative was posted by MattJeanes Note: Tesla API access now seems to be blocked on various cloud providers · Issue #914 · adriankumpf/teslamate

As of last night, myself and others have been reporting Tesla API timeouts that only seem to occur from cloud providers such as Azure in my case. Looks like Tesla may have enforced some kind of ip blacklist. I'm just creating this issue as a heads up as people are likely to come here wondering why their TeslaMate instance is no longer working.

Personally I have moved my TeslaMate to a local raspberry pi, keeping the database / grafana on Azure and that works again for me.
...
There are a few different ways, but personally, I added a port mapping 5432:5432 to the database container in docker-compose file to essentially expose PostgreSQL to the host network, be very careful when doing this and ensure you have a firewall in place on the server whitelisted to your home IP address (or wherever the pi is) otherwise anyone can see and get into your database and see all your TeslaMate information which is quite sensitive e.g. locations etc

Then I basically moved the TeslaMate part of the docker-compose out, deleted that particular container on the cloud server, and put it into a new one running on the pi, then all I had to do was change DATABASE_HOST to the cloud server name, and it was all working again.

Please note that this is more dangerous than running everything locally on a pi as you are exposing your database to attacks from the public internet unless you add a ip whitelist to your home ip, hopefully you have a static home ip address!

 

[Glan gluaisne]

It might just spur me into getting back to looking at a project I started months ago, but shelved because the learning curve looked a bit steep, making simple widgets to use the Tesla API. I did get as far as getting an ESP32 to pull data from Tesla, but my plan was to do something really simple, that didn't need me to turn on my phone (phone's stay off here, as we don't have a signal, don't really use them much, so little point in keeping them on). Originally, I wanted a way to just turn on the cabin preconditioning very easily, as in just press a button and it comes on (the same as the functionality on the key fob of a the last few cars I've owned).

However, the ESP32 is surprisingly powerful, and very cheap (around a fiver). I've made a couple of simple internet radios using them (we can't get radio reception here either) and they work very well, in fact the one I fitted in the kitchen, driving ceiling mounted speakers, seems better than a rather expensive Roberts WiFi radio, in that it syncs to the house WiFi in a second or two and so starts playing streams very quickly (the Roberts can easily take ten seconds to acquire a stream, for some reason).

As a base platform for pulling data from the Tesla API and running a web server to access that data locally, the ESP seems near-ideal, especially as it uses very little power when compared to a Raspberry Pi. I have a small, pocket size, headphone internet radio built around one that will run for several days on one charge of a single 18650 cell, for example.

Might be interesting to see if the same sort of functionality that Teslamate has could be ported across to run on an ESP32, and also to look at ways of making it less obvious to Tesla that access is coming from such a device. I guess one challenge may be that I rather think that Tesla are about to change the way their app accesses their servers, as there has been some criticism that the present token system may not be that secure. If Tesla do change this, then that would mean having to try and reverse engineer the new security system, and that might turn out to be pretty difficult, perhaps (way above my skill level, though, so happy to be corrected).

 

[BMW740iL]

TeslaMate on GCP still not working for me. Will move back to my Pi today, but leave GCP up for now to see what happens.

How do I check if my GCP instance can connect to Tesla API? My Tesla is offline parked in an underground garage but when opening my Teslamate homepage I do not get a connection error on the API

 

[DaveW]

How do I check if my GCP instance can connect to Tesla API? My Tesla is offline parked in an underground garage but when opening my Teslamate homepage I do not get a connection error on the API

For me it was just that I couldn’t get any new updates through, waking my car wouldn’t update TM

 

[simon.c]

How do I check if my GCP instance can connect to Tesla API? My Tesla is offline parked in an underground garage but when opening my Teslamate homepage I do not get a connection error on the API

If you look at your teslamate page (as opposed to grafana) it will likely show a "Health check failed" red exclamation icon next to the car locked icon. If it isn't there when you first open the page it will likely appear when it next refreshes to fetch vehicle data.

 

[BMW740iL]

Status in my Teslamate homepage says:
Status offline sinds 4 d, 11 h
No icons showing and no "Health check failed"

I did the docker-compose logs in the console and found this:

teslamate_1 | 02:44:36.199 car_id=1 [info] Start / ffline
teslamate_1 | 03:20:05.935 [error] TeslaApi.Error / 408 – %{
teslamate_1 | "error" => "https://mothership-api.vn.teslamotors.com:443/vehicles/39XXXXXXX => operation_timedout with 10s timeout for txid `9ef4101c01a022981a3253c90446914c`",
teslamate_1 | "error_description" => "",
teslamate_1 | "response" => nil
teslamate_1 | }
teslamate_1 | 03:20:05.935 car_id=1 [error] Error / :unknown
teslamate_1 | 08:28:17.771 [info] GET /
teslamate_1 | 08:28:19.160 [info] Sent 200 in 1369ms
teslamate_1 | 15:39:52.847 [info] GET /
teslamate_1 | 05:58:06.332 [warn] TeslaApi.Error / timeout
teslamate_1 | 05:58:06.494 car_id=1 [error] Error / :timeout
teslamate_1 | 23:46:53.405 [error] TeslaApi.Error / 408 – %{
teslamate_1 | "error" => "https://mothership-api.vn.teslamotors.com:443/vehicles/39XXXXXXX => operation_timedout with 10s timeout for txid `4384a684fa7958dbbb7eecb64911f5a9`",
teslamate_1 | "error_description" => "",
teslamate_1 | "response" => nil
teslamate_1 | }
teslamate_1 | 23:46:53.498 car_id=1 [error] Error / :unknown
teslamate_1 | 13:34:46.188 [info] GET /
teslamate_1 | 13:34:49.279 [info] Sent 200 in 3038ms
teslamate_1 | 16:25:20.010 [warn] TeslaApi.Error / timeout
teslamate_1 | 16:25:20.155 car_id=1 [error] Error / :timeout
and the last two lines repeating until now
teslamate_1 | 16:26:20.209 [warn] TeslaApi.Error / timeout
teslamate_1 | 16:26:20.210 car_id=1 [error] Error / :timeout

 

[Jason71]

Status in my Teslamate homepage says:
Status offline sinds 4 d, 11 h
No icons showing and no "Health check failed"

I did the docker-compose logs in the console and found this:

teslamate_1 | 02:44:36.199 car_id=1 [info] Start / ffline
teslamate_1 | 03:20:05.935 [error] TeslaApi.Error / 408 – %{
teslamate_1 | "error" => "https://mothership-api.vn.teslamotors.com:443/vehicles/39XXXXXXX => operation_timedout with 10s timeout for txid `9ef4101c01a022981a3253c90446914c`",
teslamate_1 | "error_description" => "",
teslamate_1 | "response" => nil
teslamate_1 | }
teslamate_1 | 03:20:05.935 car_id=1 [error] Error / :unknown
teslamate_1 | 08:28:17.771 [info] GET /
teslamate_1 | 08:28:19.160 [info] Sent 200 in 1369ms
teslamate_1 | 15:39:52.847 [info] GET /
teslamate_1 | 05:58:06.332 [warn] TeslaApi.Error / timeout
teslamate_1 | 05:58:06.494 car_id=1 [error] Error / :timeout
teslamate_1 | 23:46:53.405 [error] TeslaApi.Error / 408 – %{
teslamate_1 | "error" => "https://mothership-api.vn.teslamotors.com:443/vehicles/39XXXXXXX => operation_timedout with 10s timeout for txid `4384a684fa7958dbbb7eecb64911f5a9`",
teslamate_1 | "error_description" => "",
teslamate_1 | "response" => nil
teslamate_1 | }
teslamate_1 | 23:46:53.498 car_id=1 [error] Error / :unknown
teslamate_1 | 13:34:46.188 [info] GET /
teslamate_1 | 13:34:49.279 [info] Sent 200 in 3038ms
teslamate_1 | 16:25:20.010 [warn] TeslaApi.Error / timeout
teslamate_1 | 16:25:20.155 car_id=1 [error] Error / :timeout
and the last two lines repeating until now
teslamate_1 | 16:26:20.209 [warn] TeslaApi.Error / timeout
teslamate_1 | 16:26:20.210 car_id=1 [error] Error / :timeout

yeah timeout is the way the problem shows up. No error response Teslas servers just don't respond at all

 

[Durzel]

Welp, I've pretty much spent the entire morning and part of this afternoon moving my TeslaMate install to a random Linux host I had access to. Unfortunately it already had Apache2 on, so I had to rejig the configuration somewhat. It's back up and running now though, and getting API info.

It's obvious at this point, but Tesla have definitely blocked AWS, GCP from their API. It's not that the API itself is down.