edent / BMW-i-Remote

A reverse engineered interface for the BMW i3 Electric Car
MIT License

Has the key/secret been removed from the v2.0 iRemote app? #43

Open gfbarros opened 6 years ago

gfbarros commented 6 years ago

I've been grepping around for a while now and can't seem to find the OAuth2 key/secret. Not in the plist from what I can tell either. Any pointers on where I should look? Or is it gone?

vaizki commented 6 years ago

It must be in there somewhere, as the OAuth token endpoint requires client_id and secret to work. I however fetched the APK and decompiled it.

gfbarros commented 6 years ago

Any keywords I should be grepping for?

PaskoMoto commented 6 years ago

Hi.

I'm also struggling here. I've worked with the BMW Remote app because I suppose the API is the same for PHEV and non-PHEV vehicles. Can anybody at least confirm that the API is still accessible?

Regards.

thkl commented 6 years ago

Currently the API is still accessible...

ipv6freely commented 6 years ago

I used to have this working but now it doesn't seem like the API will give me a token anymore.

```
curl \
   -H "Authorization: Basic a2V5OnNlY3JldA==" \
   -H "Content-Type: application/x-www-form-urlencoded" \
   -d "grant_type=password&username=ipv6freely%40gmail.com&password=MYPASSWORD&scope=remote_services+vehicle_data" \
   "https://b2vapi.bmwgroup.com/webapi/oauth/token/"
```

Gets me:

```
{"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)."}
```

thkl commented 6 years ago

Since the old app has been deprecated, it seems the old API is also gone. But there is hope ;o)

You can use the calls BMW uses for their Connected Drive website:

To get a token, make a POST request to

```
https://customer.bmwgroup.com/gcdm/oauth/authenticate
```

with data:

```
client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html&username=YOURUSER&response_type=token&state=FOOBAR&scope=authenticate_user+fupo&locale=en-en&password=YOURPASSWORD
```

You will get a redirect URL to https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html but with `&access_token=HORRAYTHISISMYTOKEN` attached ..

This is your token ... There is also a timestamp which indicates the expiration time. You can use this token until the expiration time is over.

To fetch vehicle data, call

`https://www.bmw-connecteddrive.de/api/vehicle/dynamic/v1/YOURVIN?offset=-60` and include the header `"Authorization" : "Bearer ANDYOURTOKEN"`;

For more info, just take a look at the BMW Connected Drive website with a web inspector of your choice ...

Have fun ...

ipv6freely commented 6 years ago

@thkl where are you getting the client_id and what should state be?

I'm getting a 500 error with this:


```python
import requests

payload = {'client_id': 'dbf0a542-ebd1-4ff0-a9a7-55172fbfce35',
            'redirect_uri': 'https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html',
            'username': 'ipv6freely@gmail.com',
            'response_type': 'token',
            'state': 'FOOBAR',
            'scope': 'authenticate_user+fupo',
            'locale': 'en-en',
            'password': 'mypassword'}

r = requests.post('https://customer.bmwgroup.com/gcdm/oauth/authenticate', data=payload)

print(r)
```

thkl commented 6 years ago

I've fetched the client ID from the Connected Drive website. This ID hasn't changed in months...

The state is a various ID of your choice.

The Login is a normal oauth login procedure, so the response from the login post also includes this id.

As mentioned in my post above, just grab Chrome's Web Inspector, log in to the ConnectedDrive website, and all the information you need is there. 😎

thkl commented 6 years ago

Quick guess: change the + into a space at the scope parameter. My example was html encoded 🤓

PaskoMoto commented 6 years ago

Hi. Sorry for the off-topic, but... does anyone know the method/message that triggers a location update of the vehicle? I mean the one used in the app to locate the vehicle. I'm unable to get it using Firefox & network monitoring. Regards.

ipv6freely commented 6 years ago

I'm still not able to get this working. Can you show me a curl example?

thkl commented 6 years ago

Oh, I do not use curl (iOS ;o) but here is an HTTP request dump:

```
POST /gcdm/oauth/authenticate?client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https:%2F%2Fwww.bmw-connecteddrive.com%2Fapp%2Fdefault%2Fstatic%2Fexternal-dispatch.html&username=YOURUSERNAME&response_type=token&state=053AC226-29D7-46CA-A234-5E79DCA6CD19&scope=authenticate_user%20fupo&password=YOURPASSWORD HTTP/1.1
Host: customer.bmwgroup.com
Connection: close
User-Agent: Paw/3.1.5 (Macintosh; OS X/10.13.5) GCDHTTPRequest
Content-Length: 0
```

will end up in:

```
HTTP/1.1 302 Found
Date: Tue, 03 Jul 2018 06:05:40 GMT
Server: Apache
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE, HEAD
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Origin, X-c2b-Authorization, X-c2b-mTAN, X-Requested-With, X-c2b-Sender-Id, Content-Type, Accept, Cache-Control, KeyId
Max-Forwards: 20
Via: 1.0 lpb2vcn01 (BMW Group API Gateway)
Location: https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html#state=053AC226-29D7-46CA-A234-5E79DCA6CD19&access_token=THISISYOURAUTHENTICATIONTOKEN&token_type=Bearer&expires_in=7199
X-Frame-Options: SAMEORIGIN
X-NodeID: 01
X-Powered-By: JOY
Content-Type: text/html; charset="utf-8"
Set-Cookie: 
.... yallayallayalla ...
Connection: close
Transfer-Encoding: chunked
```

the state parameter is a random uuid
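Added example, not part of the thread or of the project's code: it shows why the `+` in `scope` fails when a library form-encodes the fields, and how a client can read the redirect shown in the dump, checking `state` and the `error=access_denied` case reported further down. The helper names `build_form` and `parse_redirect` are hypothetical, and the sample `Location` value is constructed; nothing is sent over the network.

```python
import uuid
from urllib.parse import parse_qs, urlencode, urlsplit

# Redirect URI and client_id are the values quoted in the thread.
REDIRECT_URI = ("https://www.bmw-connecteddrive.com"
                "/app/default/static/external-dispatch.html")
CLIENT_ID = "dbf0a542-ebd1-4ff0-a9a7-55172fbfce35"


def build_form(username, password, state, scope="authenticate_user fupo"):
    """Form-encode the login fields (hypothetical helper).
    urlencode() writes the space in scope as '+'; a literal '+' in the
    value would instead go out as %2B and name a different scope.
    """
    return urlencode({
        "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "username": username, "response_type": "token",
        "state": state, "scope": scope, "password": password,
    })


def parse_redirect(location, expected_state):
    """Return (access_token, expires_in) from a 302 Location header.
    Raises ValueError on an error redirect, a state mismatch or a
    missing bearer token (hypothetical helper).
    """
    parts = urlsplit(location)
    # Success carries its fields in the fragment (#...), the
    # access_denied case in the query (?...); read both.
    raw = parse_qs(parts.query)
    raw.update(parse_qs(parts.fragment))
    fields = {k: v[0] for k, v in raw.items()}
    if "error" in fields:
        raise ValueError("login rejected: " + fields["error"])
    if fields.get("state") != expected_state:
        raise ValueError("state mismatch: not the response to this request")
    if fields.get("token_type", "").lower() != "bearer" \
            or "access_token" not in fields:
        raise ValueError("no bearer token in redirect")
    return fields["access_token"], int(fields.get("expires_in", 0))


if __name__ == "__main__":
    state = str(uuid.uuid4())  # fresh random state per request
    # Constructed sample shaped like the Location header in the dump.
    sample = (REDIRECT_URI + "#state=" + state +
              "&access_token=SAMPLETOKEN&token_type=Bearer&expires_in=7199")
    print(build_form("user@example.com", "placeholder", state))
    print(parse_redirect(sample, state))
```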

ericlawton commented 6 years ago

I've been looking into this and have no idea where to get the client_id. I live in the US so from what I've read, it's not on the website. I've transferred the i3 remote app and decompiled the app, but have no idea where to start looking.

Any help is appreciated. Would love to get Siri working to activate air conditioning.

EddyK69 commented 5 years ago

I have managed to get a token via a POST request via curl:

```
## Request
curl -X "POST" "https://customer.bmwgroup.com/gcdm/oauth/authenticate?client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html&username=YOURUSERNAME&response_type=token&state=RANDOMGUID&scope=authenticate_user%20fupo&password=YOURPASSWORD" -v
```

In the response you'll find the token in Location-parameter

ericlawton commented 5 years ago

> I have managed to get a token via a POST request via curl:
>
> ```
> ## Request
> curl -X "POST" "https://customer.bmwgroup.com/gcdm/oauth/authenticate?client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html&username=YOURUSERNAME&response_type=token&state=RANDOMGUID&scope=authenticate_user%20fupo&password=YOURPASSWORD" -v
> ```
>
> In the response you'll find the token in Location-parameter

I put in my username and password and tried doing this in terminal on my Mac and it just hangs. Not sure if I am doing something wrong

EddyK69 commented 5 years ago

> > I have managed to get a token via a POST request via curl:
> >
> > ```
> > ## Request
> > curl -X "POST" "https://customer.bmwgroup.com/gcdm/oauth/authenticate?client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html&username=YOURUSERNAME&response_type=token&state=RANDOMGUID&scope=authenticate_user%20fupo&password=YOURPASSWORD" -v
> > ```
> >
> > In the response you'll find the token in Location-parameter
>
> I put in my username and password and tried doing this in terminal on my Mac and it just hangs. Not sure if I am doing something wrong

Works like a charm on my Mac; I don't know what you are doing wrong, sorry.

ericlawton commented 5 years ago

> Works like a charm on my Mac; I don't know what you are doing wrong, sorry.

Okay, rebooted and tried again and I got it to work, but now I get.... Should my token be listed there?

```
Location: https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html?error=access_denied
< X-c2b-Exception: AuthenticationFailedAppException
```

thkl commented 5 years ago

Seems like an Authentication error as mentioned by the access denied parameter ....

ericlawton commented 5 years ago

> Seems like an Authentication error as mentioned by the access denied parameter ....

Do you think it's country specific? I'm in the US here.

thkl commented 5 years ago

maybe.. you should try a normal browser (with google chrome) login and inspect all the calls by the google chrome web inspector.

ipv6freely commented 5 years ago

I don't know if this will be useful to you guys, but I wrote this. I have it running via cron on a digital ocean droplet so I get notifications when my car is charged (why the stupid connecteddrive app doesn't send a notification when the car is charged is beyond me!)

https://github.com/ipv6freely/bmw2018

EddyK69 commented 5 years ago

> To fetch vehicle data, call
>
> `https://www.bmw-connecteddrive.de/api/vehicle/dynamic/v1/YOURVIN?offset=-60` and include the header `"Authorization" : "Bearer ANDYOURTOKEN"`;

Are all (or some?) of the GET/POST messages mentioned in the api-overview still valid via this method? I want to get the car statistics like Last Trip & Charging times. Is this still possible?

EDIT: Found my answer here: https://github.com/gerard33/bmwcd

mkormendy commented 5 years ago

It appears this no longer works... the response returns with a Location parameter that has `?error=access_denied` appended, and no longer the access_token.

```
## Request
curl -X "POST" "https://customer.bmwgroup.com/gcdm/oauth/authenticate?client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html&username=YOURUSERNAME&response_type=token&state=RANDOMGUID&scope=authenticate_user%20fupo&password=YOURPASSWORD" -v
```

mkormendy commented 5 years ago

> Do you think it's country specific? I'm in the US here.

> maybe.. you should try a normal browser (with google chrome) login and inspect all the calls by the google chrome web inspector.

@thkl & @ericlawton ConnectedDrive for US customers has an entirely different URL when using this method.

migabc commented 4 years ago

Any news on this?

ipv6freely commented 4 years ago

> Any news on this?

What kind of news are you looking for? If you want a working example, check out the git repo I posted earlier.

Anyway, I don't have a BMW anymore so I'm going to drop out of this repo :)

migabc commented 4 years ago

I'm getting this error:

```
Apr 17 11:08:13 raspberrypi homebridge[11149]: [4/17/2020, 11:08:13 AM] [BMW 420] Getting current state...
Apr 17 11:08:14 raspberrypi homebridge[11149]: [4/17/2020, 11:08:14 AM] [BMW 420]  ERROR REQUEST RESULTS: null 500 {"statusCode":500,"requestUrl":"https://ise-bev-prod-emea.bmwgroup.net/bev/vehicle/dynamic/v1/WBAxxxxxxxxxxxxxxxxxxxx","requestTimestamp":1587118094616,"logErrorId":"BEV1000","logTransactionId":"-1221427930;855052"}
Apr 17 11:08:15 raspberrypi homebridge[11149]: [4/17/2020, 11:08:15 AM] [BMW 420]  ERROR REQUEST RESULTS: null 500 {"statusCode":500,"requestUrl":"https://ise-bev-prod-emea.bmwgroup.net/bev/vehicle/dynamic/v1/WBAxxxxxxxxxxxxxxxxxxxx","requestTimestamp":1587118095469,"logErrorId":"BEV1000","logTransactionId":"-517044039;978793"}
```

It was working before; I guess the authentication method or client_id has changed.

I'm using the default

```
client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35
```

josh-heyman commented 3 years ago

I believe Toyota Supra Connect uses the same API as the old BMW Connected app. Is there a way to use this Toyota API to control BMW cars?