How to Use Undocumented APIs to Hack Your Tesla

Tesla is considered the geekster’s car of cars, based on founder Elon Musk’s vision of creating an all-electric vehicle that does not compromise on performance.

Founded in 2003 in Silicon Valley, Tesla has rolled out numerous vehicles. In 2012 Tesla launched the Model S sedan, a 100% electric vehicle capable of accelerating from 0 to 60 in 5 seconds.

Tesla is not just an automaker, but also a technology and design company with a focus on energy innovation. (source: Tesla)

Of course, developers are eager to create some funky apps that will make the expensive Tesla vehicles even more connected. Musk has said that Tesla Motors is indeed working on an SDK, with the potential to open up a platform for third-party developers to create Internet-connected apps and make Tesla vehicles even more "gadgety."

The official SDK is expected to be delivered sometime in 2016. In the meantime, there is an unofficial JSON API for the Tesla Model S that can remotely monitor and control certain aspects of the vehicle. Of course, as an unofficial, community-driven API, it can break at any time. But, to explore the potential of APIs on the Tesla platform, we will walk through the unofficial API--testing its capabilities and determining the kinds of apps it can enable.

Overview of the API

The unofficial JSON API consists of three main categories: the Login/Authentication module, the Vehicle List and Information category, and the Vehicle Command category.


The first API endpoint we need to get familiar with is authentication, which allows users to authenticate using the owner’s login credentials. After authentication, the system returns an access_token. Using the following client id and secret code, we send a POST request, as follows:

Client ID: e4a9949fcfa04068f59abb5a658f2bac0a3428e4652315490b659d5ab3f35a9e

The POST URL is:

 HTTPS:// OAuth/token

You pass in the following parameters in the call:

  • grant_type: password
  • client_id: client id above
  • client_secret: secret above
  • email: email of owner
  • password: password of owner

Once the access token is returned, you store it and send it in the header of all future API calls. The returned header would look like:

Content-Type: application/json

The returned body would look like:

  {
    "access_token": "abc123",
    "token_type": "bearer",
    "expires_in": 7776000
  }

When calling other API endpoints in the two other categories, you would include something like this in the header:

Authorization: Bearer {abc123}  //abc123 is the access_token from before
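The token flow above, sketched as an added example (not code from the original article or from Tesla). The host is a placeholder because the page does not show it, the form-encoded request body is an assumption, and `Token`, `build_token_request` and `parse_token_response` are hypothetical names. It shows why the returned value deserves care: it is a bearer credential valid for 7776000 seconds (90 days), so the sketch keeps it out of `repr()` output and refuses to use it once expired.

```python
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass

BASE_URL = "https://api.example.invalid"  # placeholder: the page omits the host
TOKEN_PATH = "/oauth/token"               # path as printed on the page, lowercased


def build_token_request(client_id, client_secret, email, password):
    """Build (without sending) the password-grant POST described above."""
    form = urllib.parse.urlencode({
        "grant_type": "password", "client_id": client_id,
        "client_secret": client_secret, "email": email, "password": password,
    }).encode()  # assumption: form-encoded body; the page does not say
    return urllib.request.Request(BASE_URL + TOKEN_PATH, data=form, method="POST")


@dataclass(frozen=True, repr=False)
class Token:
    access_token: str
    expires_at: float  # absolute Unix time

    def __repr__(self):  # keep the bearer token out of logs and tracebacks
        return f"Token(access_token='***', expires_at={self.expires_at:.0f})"

    def auth_header(self, now, skew=60):
        """Return the Authorization header, refusing a token at or near expiry."""
        if now >= self.expires_at - skew:
            raise PermissionError("access token expired; re-authenticate")
        return {"Authorization": f"Bearer {self.access_token}"}


def parse_token_response(body, issued_at):
    """Validate the token body and turn expires_in into an absolute deadline."""
    data = json.loads(body)
    if not isinstance(data, dict) or str(data.get("token_type")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token, ttl = data.get("access_token"), data.get("expires_in")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("bad expires_in")
    return Token(token, issued_at + ttl)


# Constructed sample: the response body shown on the page (7776000 s = 90 days).
TOKEN_SAMPLE = '{"access_token": "abc123", "token_type": "bearer", "expires_in": 7776000}'
```
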

Vehicle Information

The first category of endpoints relates to vehicle information--in particular, vehicle collection, which lists all the vehicles owned by the user, and vehicle settings.

To return a list of vehicles owned by the user, including those shipped, you pass in the access_token retrieved in the authorization call. The response would look something like the following:

  {
    "response": [
      {
        "color": null,
        "display_name": null,
        "id": 321,
        "option_codes": "MS01,RENA,TM00,DRLH,PF00,BT85,PBCW,RFPO,WT19,IBMB,IDPB,TR00,SU01,SC01,TP01,AU01,CH00,HP00,PA00,PS00,AD02,X020,X025,X001,X003,X007,X011,X013",
        "user_id": 123,
        "vehicle_id": 1234567890,
        "vin": "5YJSA1CN5CFP01657",
        "tokens": [ ... ],
        "state": "online"
      }
    ],
    "count": 1
  }

You can also relatively easily retrieve various settings and the status of the user’s vehicle, including:

  • charge state of the car
  • mobile access
  • climate settings
  • vehicle state
  • driving and position

To get the current state of the vehicle battery, you would use:

You get a surprisingly decent amount of information back:

  {
    "response": {
      "charging_state": "Complete",  // "Charging", ??
      "charge_to_max_range": false,  // current std/max-range setting
      "max_range_charge_counter": 0,
      "fast_charger_present": false, // connected to Supercharger?
      "battery_range": 239.02,       // rated miles
      "est_battery_range": 155.79,   // range estimated from recent driving
      "ideal_battery_range": 275.09, // ideal miles
      "battery_level": 91,           // integer charge percentage
      "battery_current": -0.6,       // current flowing into battery
      "charge_starting_range": null,
      "charge_starting_soc": null,
      "charger_voltage": 0,          // only has value while charging
      "charger_pilot_current": 40,   // max current allowed by charger & adapter
      "charger_actual_current": 0,   // current actually being drawn
      "charger_power": 0,            // kW (rounded down) of charger
      "time_to_full_charge": null,   // valid only while charging
      "charge_rate": -1.0,           // float mi/hr charging or -1 if not charging
      "charge_port_door_open": true
    }
  }

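Because this API is unofficial and can change without notice, a client should validate the charge-state body rather than trust it. The following is an added example (not code from the original article); `summarize_charge_state` and `_number` are hypothetical names, the numeric bounds are assumptions, and the sample is constructed from the values shown above. It rejects out-of-range fields and converts the -1 and null sentinels described in the field comments into `None`.

```python
import json

# Constructed sample: values from the page's response, comments removed so it parses.
CHARGE_SAMPLE = json.dumps({"response": {
    "charging_state": "Complete", "battery_level": 91, "battery_range": 239.02,
    "est_battery_range": 155.79, "charger_pilot_current": 40,
    "charger_actual_current": 0, "time_to_full_charge": None,
    "charge_rate": -1.0, "charge_port_door_open": True}})


def _number(obj, key, lo, hi, optional=False):
    """Return obj[key] if it is a number in [lo, hi]; bounds are assumptions."""
    value = obj.get(key)
    if value is None and optional:
        return None
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ValueError(f"{key}: expected a number, got {value!r}")
    if not lo <= value <= hi:
        raise ValueError(f"{key}: {value!r} outside [{lo}, {hi}]")
    return value


def summarize_charge_state(body):
    """Validate a charge-state body and replace sentinel values with None."""
    doc = json.loads(body)
    resp = doc.get("response") if isinstance(doc, dict) else None
    if not isinstance(resp, dict):
        raise ValueError("missing 'response' object")
    state = resp.get("charging_state")
    if not isinstance(state, str):
        raise ValueError("charging_state: expected a string")
    rate = _number(resp, "charge_rate", -1, 1000)
    drawn = _number(resp, "charger_actual_current", 0, 1000)
    pilot = _number(resp, "charger_pilot_current", 0, 1000)
    if drawn > pilot:
        raise ValueError("drawn current exceeds the charger's allowed maximum")
    return {
        "state": state,
        "battery_percent": _number(resp, "battery_level", 0, 100),
        "rated_miles": _number(resp, "battery_range", 0, 1000),
        # -1 is the page's "not charging" sentinel, not a real rate.
        "charge_rate": None if rate < 0 else rate,
        # null unless charging, per the page.
        "time_to_full": _number(resp, "time_to_full_charge", 0, 1000, optional=True),
        "port_open": resp.get("charge_port_door_open") is True,
    }
```
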
Vehicle Commands

What fun is having a beast of a car like the Tesla if you can’t throw commands at it? Some of the commands the Tesla S can receive include:

  • Wake up the Car
  • Set Charge Limit
  • Start/Stop Charging
  • Honk Horn
  • Lock/Unlock Doors
  • Set Climate
  • Move Pano Roof
  • Remote Start
  • Open Trunk

For all of the POST endpoints below, you will get the response of true or false, to indicate whether the command was successfully received or not.

Starting the car (which requires the car to be driven within two minutes of request) can be accomplished by simply calling:

Moving the Pano Roof can be accomplished by calling:


Of course, there are many more endpoints you can explore, and, if you are part of the exclusive Tesla S owners club, you can go ahead and test out these methods today. However, the unofficial Tesla S JSON API comes with no guarantee of stability, which means anything can break at any time.

Tesla has promised to deliver the official SDK sometime in 2016. More than likely, it will support all of the endpoints found in the unofficial API.  But, we are even more excited to discover what other functionality an official Tesla SDK may introduce.

