Tesla Developer API Guide: HTTP-Proxy Server Integration (Part 4)
Tesla made the Vehicle Commands API publicly accessible around October 2023. At the initial launch, these APIs could be consumed directly, using only OAuth tokens to pass commands to the vehicles. About a month later, Tesla announced that the APIs would be deprecated in favor of the vehicle command SDK, which uses an HTTP proxy server to forward the commands to the vehicle. Tesla is moving towards a more secure way of passing commands to the car than validating OAuth tokens alone.
I drew the high-level architectural design to send commands to the Tesla vehicle.
Let us see in detail how to set up the HTTP proxy server in the local environment, through to end-to-end testing of the vehicle commands.
Pre-Requisites -
1) Golang is already installed
2) Public and private keys generated while registering the third-party app at the Tesla portal are available
3) A valid Tesla user credential to generate the access token
4) Vehicle command SDK checked out from GitHub: https://github.com/teslamotors/vehicle-command/tree/main/cmd/tesla-control
Step 1 ::
Navigate to the folder where you want to create the TLS server certificate needed by the HTTP proxy server
Use the command below to create the private key and the self-signed TLS certificate -
openssl req -x509 -nodes -newkey ec \
-pkeyopt ec_paramgen_curve:secp521r1 \
-pkeyopt ec_param_enc:named_curve \
-subj '/CN=localhost' \
-keyout key.pem -out cert.pem -sha256 -days 3650 \
-addext "extendedKeyUsage = serverAuth" \
-addext "keyUsage = digitalSignature, keyCertSign, keyAgreement"
key.pem is the private key file. It is written unencrypted (-nodes), so keep it readable only by the account that runs the proxy.
cert.pem is the TLS certificate chain file.
Step 2 ::
a) Navigate to the ‘tesla-http-proxy’ folder in your terminal
b) Use the below command to build the proxy server
go build
Step 3 ::
Start the HTTP proxy server using the following sample command
./tesla-http-proxy \
-tls-key /Users/shankarkumarasamy/Desktop/Tesla/tls-key-server-keys/key.pem \
-key-file /Users/shankarkumarasamy/Desktop/Tesla/tesla-app-registragtion-keys/private.pem \
-cert /Users/shankarkumarasamy/Desktop/Tesla/tls-key-server-keys/cert.pem \
-port 4443 -verbose
Do not listen on a network interface without adding client authentication. Unauthorized clients may be used to create excessive traffic from your IP address to Tesla’s servers, which Tesla may respond to by rate limiting or blocking your connections.
Options:
Required parameters –
-tls-key {path_to_the_file}
Server TLS private key file. This is generated in the above step (key.pem)
-key-file {path_to_the_file}
A file containing the private key. This is the private key generated while registering the third-party app with Tesla
-cert {path_to_the_file}
TLS certificate chain file with concatenated server, intermediate CA, and root CA certificates. This is generated in the above step (cert.pem)
-port {optional_port_number}
Port to listen on (default 443). For testing purposes use port 4443
Optional parameters –
-domain value
Domains to connect to (can be repeated; omit for all)
-host hostname
Proxy server hostname (default “localhost”)
-key-name name
System keyring name for private key. Defaults to $TESLA_KEY_NAME.
-keyring-debug
Enable keyring debug logging
-keyring-file-dir directory
keyring directory for file-backed keyring types (default “~/.tesla_keys”)
-keyring-type type
Keyring type (file|keychain|pass). Defaults to $TESLA_KEYRING_TYPE.
-session-cache file
Load session info cache from file. Defaults to $TESLA_CACHE_FILE.
-verbose
Enable verbose logging
Step 4 ::
Open a new terminal and execute the following command to verify whether the commands work
curl \
--cacert /Users/shankarkumarasamy/Desktop/Tesla/tls-key-server-keys/cert.pem \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InE0dHg3Q1UyYzI2V1BiemwxZjZjanM3QnhzayJ9.eyJpc3MiOiJoasdadadadaszYzOX0.EgjZKPIVjIbXpzhTYAa8a6g58PhKNYTNef6wI2oKdIQzIj21XHnsvg5i-QVb2AMktvIe6SLdeTNlM65i5MUMf-PihqS4xZ1daDPMdsYwM_lXHDWIJmmTOses2O-X7XFQQgONMp67_9XvSy-IC9Q5-AuFjScA5vcSCz3nGJdFAGAS0Ao7IEM-VmvXwC5pl8kzQTZvFL5R7LWPUuzMOJ3toPbM82DUtshZOSMQ0lF8Jr9eTegTmYMvVdvfqqsWARhW2ohpfDyRa2j5XLfZlusb5bbE4fYgNItT7tLm0JA0GUUJ0kR90Njm_X99pOL-65RAIbxi4pzrlecxsFTYOE3n3w" \
--data '{}' \
"https://localhost:4443/api/1/vehicles/7SAYGDEE2PA110666/command/flash_lights"
Options:
Required parameters –
--cacert
TLS certificate chain file with concatenated server, intermediate CA, and root CA certificates (cert.pem from Step 1).
--header 'Content-Type: application/json'
--header 'Authorization: Bearer {access_token}'
The Access Token of the user
--data
Any optional parameters to send with the commands
{command}
The actual command to be sent to the vehicle. It is the last segment of the URL path (flash_lights in the example above)
This blog helps you in running the HTTP-proxy server.
Happy learning!
Originally published at http://shankarkumarasamy.blog on February 26, 2024.