[wedn3sday]

I take it as a sign of the current state of hackernews that nearly no one took the time to actually RTFA. This isnt about making apps that run on the car, this is about being able to integrate your external apps with the fleet API. Like, can external app that has permission would be able to locate the vehicle.

That said, I think the security implications are fairly important, since I expect one of the exposed features is to be able to unlock or start the car.

[modeless]

Almost all of this functionality has been available for many years through the reverse engineered API used by the official Tesla app. There is unofficial third party documentation and many third party apps using it are available.

The difference here is that Tesla is creating a new, officially supported API explicitly for third parties, with official documentation, scoped authentication, and a developer program that requires registration (and in the future, payment). Presumably once the SDK is finalized they will start cracking down on apps using the older reverse engineered API.

The only new functionality AFAIK is a push API that allows cars to directly stream information to your server via their cellular connection; previously the information was available but required polling through Tesla's intermediary servers.

[davedx]

I've been doing that for a while with my own car because their API (like other OEM's) is just an OAuth2 REST API with unofficial documentation. So I think this is more "Tesla is launching their developer API documentation and officially letting people develop against it".

Fwiw Tesla's has been the best to work with in my limited experience. Ford's is also decent but the most important remote commands (like start/stop charging) seem to be hidden behind obfuscated endpoints. I spent quite some days trying to reverse engineer them but ultimately gave up.

[londons_explore]

> I expect one of the exposed features is to be able to unlock or start the car.

I'd really like that (effectively allowing third parties to implement their own tesla app).

However, I suspect that no/very few third parties will be allowed to have that API scope.

[jejeyyy77]

Why not? API calls are scoped to a token associated with your Tesla vehicle(s).

This API looks like it is meant to control entire fleets.

Also, like Apple devices, I assume Tesla will have master control over the cars in the same way and can brick them if needed.

[MBCook]

> Also, like Apple devices, I assume Tesla will have master control over the cars in the same way and can brick them if needed.

They’ve done this in the past a few times haven’t they? Like when people have done battery swaps or refurbs without Tesla’s approval?

[londons_explore]

I don't think they have bricked peoples cars directly...

They just take away the ability to do supercharging and to use the app.

Basically, your smart car becomes a dumb car. But you can still drive it - you just can't use any service that requires their servers.

[zoover2020]

What you just described is bricking then, no?

[verve_rat]

No. To brick something means to take away all functionality, to make it as functional as a brick.