The current docs could be better, but I managed to stumble through making it work. The new thing that is needed is creating a Tesla Developer Application. That isn’t hard, but it annoyingly requires setting up a publicly hosted key for them to access. I accomplished that through setting up a free Cloudflare Pages website. A rough outline of the steps I followed is below:
Create a GitHub repository to store the Tesla public key (Tesla Step 3):
Inside a Linux shell, initialize the GitHub repository and put the Tesla public key in the correct location (Tesla Step 3):
- You will need to set up authentication to GitHub for the Linux shell like Managing your personal access tokens - GitHub Docs
# Create a new local git repository to push it up the GitHub repository
mkdir REPOSITORY_NAME_HERE
cd REPOSITORY_NAME_HERE
echo "# REPOSITORY_NAME_HERE" >> README.md
git init
git add README.md
git commit -m "initial commit"
git branch -M main
git remote add origin https://github.com/GITHUB_USERNAME_HERE/REPOSITORY_NAME_HERE.git
git push -u origin main
mkdir -p .well-known/appspecific/
# Create Tesla keypair and copy the public key to the GitHub repository at the location Tesla expects
mkdir ../TeslaKeys
cd ../TeslaKeys
openssl ecparam -name prime256v1 -genkey -noout -out tesla-private-key.pem
openssl ec -in tesla-private-key.pem -pubout -out tesla-public-key.pem
cp tesla-public-key.pem ../REPOSITORY_NAME_HERE/.well-known/appspecific/com.tesla.3p.public-key.pem
# Push local git repository changes up to the GitHub repository
cd ../REPOSITORY_NAME_HERE
git add .
git commit -m "add Tesla public key"
git push
Set up Cloudflare Pages to serve the GitHub repository (Tesla Step 3):
- Git integration guide · Cloudflare Pages docs
- If you have a custom domain to use as the Origin, you can have the Cloudflare page use it:
- Custom domains · Cloudflare Pages docs
- I needed to disable “Bot Fight Mode” within Cloudflare to allow Tesla to access the public key
Create a Tesla Developer Application (Tesla Step 2)
- https://developer.tesla.com/en_US/dashboard
- Set allowed Origin URL to
https://FULLY_QUALIFIED_DOMAIN_NAME_OF_CLOUDFLARE_HOSTED_SITE_HERE/ - Set allowed Redirect URL to
https://my.home-assistant.io/redirect/oauth - Explain how everything is for personal use
- Give the application all the permissions
Inside a Linux shell, call the Tesla registration endpoint:
# Obtain a partner authentication token for the Tesla Fleet API (Tesla Step 4 Part 1):
CLIENT_ID='PUT_TESLA_CLIENT_ID_HERE'
CLIENT_SECRET='PUT_TESLA_CLIENT_SECRET_HERE'
AUDIENCE="https://fleet-api.prd.na.vn.cloud.tesla.com" # Change this to the appropriate audience for your region per https://developer.tesla.com/docs/fleet-api/getting-started/base-urls
TESLA_AUTH_TOKEN=$(curl --request POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode "client_id=$CLIENT_ID" \
--data-urlencode "client_secret=$CLIENT_SECRET" \
--data-urlencode 'scope=openid offline_access user_data vehicle_device_data vehicle_location vehicle_cmds vehicle_charging_cmds energy_device_data energy_cmds' \
--data-urlencode "audience=$AUDIENCE" \
'https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/token' | jq -r '.access_token')
# Register the endpoint with the Fleet API (Tesla Step 4 Part 2)
curl -H "Authorization: Bearer $TESLA_AUTH_TOKEN" \
-H 'Content-Type: application/json' \
--data '{
"domain": "FULLY_QUALIFIED_DOMAIN_NAME_OF_CLOUDFLARE_HOSTED_SITE_HERE"
}' \
-X POST \
-i https://fleet-api.prd.na.vn.cloud.tesla.com/api/1/partner_accounts
Set up the integration within Home Assistant:
- Enter the Tesla Application Name, Client ID, and Client Secret when asked by Home Assistant integration
- Log into your Tesla account when asked by Home Assistant integration