Since updating to 2025.1 the initialisation of this integration has increased in complexity massively ( i understand this is not the fault of the dev) and it seems the instructions require knowledge of systems i am not familiar with. I asked this on GitHub but this might be the better platform for such a request…
will there be a more detailed step by step or video specifically how to setup this integration now? i have created the developer app but not step 3 and 4 as described as these steps are beyond my skill/hardware set ATM and the initialisation fails. Is this expected behaviour
Yeah the integration is broken for me now also. My understanding is that users need to now create their own OAuth app with Tesla (was the integration handling this before?). I’m honestly not sure how this is supposed to work given that tesla expect a cert on the domain they’re calling back to, isn’t that going to be nabu casa? How would users be able to deploy a cert there?
I have reverted back to 2024.12 to get my Tesla integration working again. I guess I’ll stay on this version until it stops working… or I can figure out the new steps required… or the process is simplified somehow
The current docs could be better, but I managed to stumble through making it work. The new thing that is needed is creating a Tesla Developer Application. That isn’t hard, but it annoyingly requires setting up a publicly hosted key for them to access. I accomplished that through setting up a free Cloudflare Pages website. A rough outline of the steps I followed is below:
Create a GitHub repository to store the Tesla public key (Tesla Step 3):
# Create a new local git repository to push it up the GitHub repository
mkdir REPOSITORY_NAME_HERE
cd REPOSITORY_NAME_HERE
echo "# REPOSITORY_NAME_HERE" >> README.md
git init
git add README.md
git commit -m "initial commit"
git branch -M main
git remote add origin https://github.com/GITHUB_USERNAME_HERE/REPOSITORY_NAME_HERE.git
git push -u origin main
mkdir -p .well-known/appspecific/
# Create Tesla keypair and copy the public key to the GitHub repository at the location Tesla expects
mkdir ../TeslaKeys
cd ../TeslaKeys
openssl ecparam -name prime256v1 -genkey -noout -out tesla-private-key.pem
openssl ec -in tesla-private-key.pem -pubout -out tesla-public-key.pem
cp tesla-public-key.pem ../REPOSITORY_NAME_HERE/.well-known/appspecific/com.tesla.3p.public-key.pem
# Push local git repository changes up to the GitHub repository
cd ../REPOSITORY_NAME_HERE
git add .
git commit -m "add Tesla public key"
git push
Set up Cloudflare Pages to serve the GitHub repository (Tesla Step 3):
Thanks @jenkinsmichpa! I was able to get the integration working again with your instructions. Great idea to use Cloudflare Pages to host the certificate.
The private key will stay local and will not be synced to the remote github repository.
Although you should keep this repo private it will be synced to the cloudflare pages otherwise.
@Edwinth that shouldn’t be necessary if you follow the instructions exactly. The private key is generated in a directory outside of the repo and only the public key gets copied into it. That said it certainly isn’t going to hurt anything to add the public key name to the ignore file.
@Brett_Adams seems the integration now also supports commands when uploading key to the car via BLE.
High level question: How is this integration different to the previous custom Tesla integration (from HACS) + Tesla Proxy addon?
I tried to find info on the web but found zero (and nobody is able to answer this question with satisfactory confidence).
It seems both are really doing the same and then I am thinking the new integration would be much simpler than running a HACS integration plus an additional addon.
Do they support the same feature set and should one update from the Tesla Proxy to the fleet api integration?
But then I’m also confused about two things:
1.) Why does the integration require to upload the key to the car via BLE? With the Tesla proxy approach this isn’t required. I can control my new 2023 car without issues
2.) People report that the public key must be hosted on a site with an SSL certificate that’s from a narrow list (And LetsEncrypt is not on it). However, I run Tesla Proxy behind LetsEncrypt and it works. Why does the Fleet integration have this strange requirement (but Tesla proxy approach not)?
Using Bluetooth is the only way to get your key onto your vehicle without hosting it on a website. This was great when the integration has its own client ID built in, but now people need to host the public key anyway so Bluetooth isn’t required.
I created https://fleetkey.cc to help people host their keys, register them, and install with the Tesla app.
At a high level the main difference between the integrations is that Tesla Fleet was built for the Fleet API from the beginning, and is entirely inside Home Assistant written in python. The other integration has been around for much longer but as we transition away from the owner API it had to use the command proxy and such to work.
There are lots of little difference because they were created independently and use different libraries.
Tessie, Teslemetry, and Tesla Fleet all work very similar, because I wrote and maintain all three, and each one is a copy of the last with changes.
@dydx you can use LetsEncrypt. I host the key via nginx and use Nginx-Proxy-Manager with LetsEncrypt to make it accessible. Works just fine.
@Brett_Adams thanks for your works first of all. A few things to make it easier for others to use the Tesla Fleet Integration:
On fleetkey, it says “First generate a private key. This needs to be placed in your Home Assistant config directory for command signing.” while this is nowhere mentioned in the Telsa Fleet Inegration, only how to do it with the command line tool which is no longer needed I guess?
The last step with the Virtual Key is also not mentioned for the Integration. After Step4 from the Tesla Dev site, one has to use https://www.tesla.com/_ak/sub.mydomain.com in order to link the key to the car.
Use the correct Base URL from getting-started/base-urls when making calles for Step 3 and 4.
I’ve created some scripts to be able to do Step 3 and 4 so here they are:
GetPartnerToken
$CLIENT_ID = "ClientIDFromTeslaDevWebsite"
$CLIENT_SECRET = "ClientIDFromTeslaDevWebsite"
$AUDIENCE = "https://fleet-api.prd.eu.vn.cloud.tesla.com"
$OUTPUT_PATH = "./PartnerToken.json"
# Set up parameters for the API request
$Body = @{
grant_type = "client_credentials"
client_id = $CLIENT_ID
client_secret = $CLIENT_SECRET
audience = $AUDIENCE
scope = "openid vehicle_device_data vehicle_cmds vehicle_charging_cmds energy_device_data energy_cmds"
}
# Make the POST request and save the result to the file
$response = Invoke-RestMethod -Uri "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/token" -Method POST -ContentType "application/x-www-form-urlencoded" -Body $Body
# Save the JSON response to a file
$response | ConvertTo-Json -Depth 10 | Out-File -FilePath $OUTPUT_PATH
RegisterDomain:
# Load the JSON response from the file
$response = Get-Content -Raw -Path "./PartnerToken.json" | ConvertFrom-Json
# Extract the access token
$BEARER_TOKEN = $response.access_token
# Set public key and domain details
$PUBLIC_KEY = "https://sub.mydomain.de/.well-known/appspecific/com.tesla.3p.public-key.pem"
$DOMAIN = "sub.mydomain.de"
# Prepare the request body
$Body = @{
public_key = $PUBLIC_KEY
domain = $DOMAIN
} | ConvertTo-Json -Depth 10
# Make the POST request to register the domain
$response = Invoke-RestMethod -Uri "https://fleet-api.prd.eu.vn.cloud.tesla.com/api/1/partner_accounts" `
-Method POST `
-Headers @{
"Authorization" = "Bearer $BEARER_TOKEN"
"Content-Type" = "application/json"
} `
-Body $Body
# Output the response (save it if needed)
$response | ConvertTo-Json | Out-File -FilePath "./register_response.json"
Remember to use the correct base URL and replace sub.mydomain with your domain.
Ooooh I see. Paraphrase: Previously the integration had a a single client ID (as “Open Source” project) but everyone created different keys that had to be uploaded to the car. Now Tesla ended this and everyone needs to create an own application and keys. Now this has to be hosted anyway and uploading to car manually wouldn’t work any more. Is this correct?
I can think of one advantage going the proxy+custom integration route: It additionally supports updates via MQTT which can come from Teslamate … so content data can be more up2date. Is this something that’s planned for the Fleet API as well?
Otherwise, is the number of sensors and controls the same between the two? If so, I do not see any reason to use custom integration + proxy. Do you agree?
Awesome, that’s really nice of you!
I see the TLS certificate is not LetsEncrypt. Is this on purpose?
And just for my understanding: The reason for offering is to help people host the .pem file in .well-known directory in case they don’t have their own domain/webserver?
I have been following a guide to re-enable Tesla fleet.
Everything seems to work fine, I can sign in to Tesla but when I click add to HomeAssistant the Tesla Fleet is stuck at “Loading next step for Tesla Fleet”
Anyone has the same issue?
Redid the procedure trying both the NA and the EU urls and now it worked.
Thanks for the site. I got it to work using https://fleetkey.cc. I have a question, how long does the keys last? DO I havae to do this again in 90 days?
Can you explain a little bit more on how to do this with NGINX proxymanager? I am running unraid, got my own domain, running proxymanager. Would love to fix this with selfhosting. Are the below scripts needed? And how would I use them?