Skip to content

/tesla-api

Permalink
Branch: master
Find file Copy path

tesla-api/docs/api-basics/authentication.md

Find file Copy path
@matthew-pakulski matthew-pakulski Add instructions to refresh the access token. (#96) 394368d Dec 11, 2018
2 contributors

Users who have contributed to this file

@timdorr @matthew-pakulski
90 lines (68 sloc) 3.1 KB
Raw Blame History
description
The authentication process for the Tesla API

Authentication

POST /oauth/token?grant_type=password

The initial authentication process is via an OAuth 2.0 Password Grant with the same credentials used for tesla.com and the mobile apps.

The current client ID and secret are available here.

You will get back an access_token which is treated as an OAuth 2.0 Bearer Token. This token is passed along in an Authorization header with all future requests:

Authorization: Bearer {access_token}

The access token has a 45 day expiration.

Request parameters

Field Type Example Description
grant_type String, required password The type of OAuth grant. Always "password"
client_id String, required abc The OAuth client ID
client_secret String, required 123 The OAuth client secret
email String, required elon@teslamotors.com The email for the authenticating Tesla account
password String, required edisonsux The password for the authenticating Tesla account

Request

{
  "grant_type": "password",
  "client_id": "abc",
  "client_secret": "123",
  "email": "elon@teslamotors.com",
  "password": "edisonsux"
}

Response

{
  "access_token": "abc123",
  "token_type": "bearer",
  "expires_in": 3888000,
  "refresh_token": "cba321",
  "created_at": 1538359034
}

POST /oauth/token?grant_type=refresh_token

You can use the refresh_token from the Password Grant to do an OAuth 2.0 Refresh Token Grant and obtain a new access token. Note: This will invalidate the previous access token.

Request parameters

Field Type Example Description
grant_type String, required refresh_token The type of OAuth grant. Always "refresh_token"
client_id String, required abc The OAuth client ID
client_secret String, required 123 The OAuth client secret
refresh_token String, required cba321 The refresh token returned from a previous token request.

Request

{
  "grant_type": "refresh_token",
  "client_id": "abc",
  "client_secret": "123",
  "refresh_token": "cba321"
}

Response

{
  "access_token": "abc123",
  "token_type": "bearer",
  "expires_in": 3888000,
  "refresh_token": "cba321",
  "created_at": 1538359034
}
You can’t perform that action at this time.