Last updated 12-Jan-2023
Each Tesla car produces a wealth of data that can be accessed by the owner. There are a number of ways to capture this information and use it to produce statistics for your car. There are however some important considerations when doing this, the most important being security, as providing any 3rd party with your Tesla email address and password, or to a lesser but still significant degree, your Tesla Token, is a potential security risk.
We run through the different options and help you get started with each of these approaches.
Before we go into the different options it is worth explaining a little about how all these systems work. Your Tesla app uses an API to connect your phone, via the internet, to Tesla servers which in turn connect to your car. This API has been hacked (maybe deciphered is a better word) and this enables 3rd parties to access the car by mimicking the messages the official app sends to the car.
For the API to work and determine which car you want the data for, you need to send, via the API, certain details to identify your account and the car.
All commands simply require the API Token and the car ID. The API token expires about every 8 hours and so you need to keep recreating the token. To do so, you need to either start from first principles and provide your Tesla email address and password, or use a refresh token.
Your email address and password has some protection if you have MFA enabled, however if you do not, they have access to your online Tesla account as well as the car. In practice, few now want your email address and password, and if you do provide it, they will generate a refresh token. If you use a refresh token, then as this does not expire, whoever has access to this has complete access to your car via the API. The refresh token does not have any secondary security like MFA, once issued it will last for a very long time and can only be revoked by changing your Tesla password.
It is worth understanding the risks. Anyone who has your refresh token has the same access to the car that you do through the Tesla app, this includes locating the car, opening it, disabling sentry mode, and potentially even remote starting the car so they can drive it away.
The last thing you want to do is give any third party your Tesla email or password. We have developed our own Tesla API token utility which uses Teslas own webpages to generate a short lived intermediate token from which we can generate the refresh and API tokens. This avoids the need to provide your account details to anyone. These tokens can be used by any 3rd party who asks for access, but we iterate, once you have shared the token, they whave permanent access unless you change your Tesla password.
There are broadly 3 different types of data loggers
Online data loggers such as Teslafi, ask you to log into their systems and provide your details. There are a number of options that you can configure regarding sleep, units, etc and this has become a popular option. They use the collected information (your information) and use this in a number of ways including generating notifications when new software updates have been detected. They also try to pool data to show degradation and charge rates across a number of similar cars. Your security is now only as good as theres.
Our view is the same for ALL web hosted services or applications that request your Tesla tokens. The more data they hold, the greater a target they are for any hacker, and there is evidence that one of them has been breached at some point as Tesla forced a password reset on many owners. That said, they are popular and many use them, just make sure the 3rd party developer is a well known one, and like many security activities, be mindful of people tryinmg to pursuade you to share your token without good cause.
The primary advantage such a service provides is that you simply need to create an account and log in.
The second option is a locally hosted service. This means the service is run on your own hardware and you have complete control over the device. Your security is as good as your own local security.
While a locally hosted service sounds complex and expensive, it need not be. These options can be run standalone on something like a Raspberry Pi which costs about the same as an annual subscription to Teslafi. The install can be performed in under 15 mins following a simple set of instructions using Docker, which is a standard approach hosting such applications. Alternatively you may already have existing hardware which is suitable such as a Network attached storage (NAS) or any other computer systems that supports Docker, in which case the hosting option could be free.
The two most common loggers are TeslaMate and TeslaLogger which share their origins. The two are very similar although we currently feel TeslaMate is easier to get going while TeslaLogger has more extensive options such as the ability to combine API data with that collected from within the car by apps such as scanmytesla.
The primary advantage of this approach is the security, plus the ability to develop your own dashboards as the data is locally available to you. You can also combine these systems with home automation type software running locally and so these provide a platform for wider integration. The software is held on github and open to scrutiny which allows independant develoeprs to review the code and highlight any backdoor security weaknesses or faults. A second advantage of locally hosted solutions is that 3rd party hackers would need to know to target you. As such, it would be an incredibly speculative attack to both single you out for an attack and go looking for an instance of Teslamate by somebody interested in your Tesla.
One quick tip for Teslamate is to geofence your home location and set the cost of your electricity, this will enable home charging costs to be automatically calculated for you.
Because of the nature of the locally hosted options which run inside an application called Docker, these can be configured anywhere a Docker environment is available, including on a cloud server. Cloud services vary in price but can be had for relatively small amounts of money on a subscription basis, and for those who already have access to a suitable web hosting package the incremental cost could be negligible.
The disadvantages of the cloud environment are largely the same as for a hosted environment, however we believe the risks are smaller on a personal environment as malicious activity is more likely to be focused on sites with many users data.
The advantage of the cloud hosted is you can leave it running, you have no need for a local web connection 24/7 and access to the reports while out and about are slightly easier. Our preference however would be the locally hosted solution as for most people the advantages of home integration or a trial and error approach on a local Raspberry Pi is more fun and more secure.
In car data logging by monitoring the cars canbus is a fairly specialist activity and of a different order of complexity to perform.
The advantages are primarily the depth of information that can be extracted. This can be instantaneous power output, speed, a variety of temperatures from different components, individual battery cell voltages and so on. For some, this type of information is fantastic, especially if they are trying to trouble shoot an issue. For others is just curiosity and they enjoy the challenge of setting the car up and actually obtaining the data even if there's little meaningful benefit of doing so,
To do so you need to buy a canbus adapter cable to ODBC, and an ODBC transmitter. These are fairly readily available although you need to ensure you get the correct canbus connector for your age and model of car. Access on the MS and MX is relatively easy through the removal of a small trim part beneath the large screen.
To make sense of the data stream software such as Scanmytesla is required which will translate all the various data codes into more meaningful dashboards and reports for the owner. As mentioned above, scanmytesla data can also be combined with teslalogger to mix the real time data streams and the broader data available via the API to give a more comprehensive view of the car, although the configuration of such a setup is not trivial.
In some regions, cheap electricity is available over night or at certain times of the day. These windows sometimes change to to local electricity pricing. Some electricity provides request your Tesla token so they can control the cars charging to maximise the benefit. There are also simpler versions where the car charging schedule can be easily controlled as the Tesla scheduler is ver poor. These can work well, although they can also stop the car from sleeping.
We don't log data, but we do provide a simple API that enables you to do so, or control the car. See out Tesla Automation pages for more information.
One of the common reported side effects of 3rd party applications is they prevent the car from sleeping. This should simply not be the case as the API has specific commands to wake the car, and other commands will fail if the car is asleep. If you suspect the 3rd party app is preventing the car from sleeping, it's time to get rid of the app, but to do so you will need to change your Tesla password,
Ways you can support tesla-info