Tesla’s API: From Old to New, With Improved Customer Privacy / Security in View
At TezLab customer security and privacy are one of the key tenets to success. We work hard day and night on both the product aspect of customer security as well as deploy whatever technology we can from a purely technical perspective.
With that, we’re excited to discuss ongoing work with Tesla as they continue developing their official 3rd party API for the broader Tesla developer community.
In the past, developers building great products for the Tesla community were using a system that wasn’t fully supported by Tesla. Even though Tesla didn’t directly support the use of the API, it was clear there was immense demand given the thousands of applications that have been built over the years.
Munro Live on Youtube (shoutout to Thomas D. who’s leading a lot of this API work) recently interviewed a few key executives, Andrew Lau included who heads up software at Tesla. In part of the interview, Lau talks specifically about Tesla’s interest in the developer community and as a result, the new official API.
For those of us who have been building wonderful Tesla related products and applications – this came as very welcome and much needed news..
Let’s talk about a few details – There’s a lot to love about the new API outside of it now being fully supported and embraced by Tesla, let’s start with a few highlights:
- Better security and control for Tesla drivers
- Previously, all apps had to use unofficial reverse engineered APIs that used blanket access to Tesla Accounts through an unofficial login process
- There is now an official login process that properly identifies each app when a connection is established.
- Now, all apps can request only the permissions they need in order to provide a great experience for Tesla drivers. Drivers can clearly see this, and can remove apps’ access to their Tesla accounts on an app-by-app basis at any time.
- Customers now gain greater control over which apps have access to which information.
- Security of controls is a major leap forward
- In the past, once a connection was established to a Tesla account, commands could be sent to a vehicle using that connection and the vehicle would action the request.
- The new Tesla Fleet API provides greater security for Tesla drivers by requiring that apps cryptographically sign all commands with a private key that is then verified in the car to ensure the command is coming from the app that the customer authorised. Though it sounds complicated technically, in practice this means that even if someone were to get their hands on the connection token for an account, they could not use it to send commands to unlock or start a vehicle.
These are some of the major highlights that make it both better for developers to build safe and secure systems but also allow customers to feel very secure about who has access to their data and how it flows throughout the internet.
At TezLab we work hard to make sure this is clear and Tesla building a robust official system, allows us to make the experience even more private, secure and polished for our ever growing community.
Does this mean eventual app store? It’s hard to over speculate on if / when an official app store will take shape but all the positive developments and continued investment in FSD (Full Self Driving) signals a deep interest in a future app store for phones and cars. This official API is certainly a strong signal for Tesla’s desire to ultimately have a powerful app store of their own.
How do I use the new system? We are glad you asked. It’s really very simple – anyone who’s new to TezLab will automatically be added to the new system. Similarly, if you’re an existing customer, you can simply logout and back in, check a few security boxes and ride on our new rails. Yup, it’s that simple and yes, the new rails are fast!
We appreciate Tesla’s ongoing support with the Tesla developer community and are excited about seeing new features they are going to deploy to catalyse the next generation applications.
If you’re a developer and need help or have questions related to implementing the new API system or are a customer that wants to learn more – drop us an email at support or talk to us on X.
Thanks,
Team TezLab.
Tezlab Blog 
Leave a comment