[New Car model] Peugeot 208 GT (2021)

[Windows81User]

I have a "Can't get car model" error. Information to add my car model to the app:

• Brand: Peugeot
• Model: 208
• First ten letter of my VIN: VR3UPHNSSM
• Useable Electric capacity in kw: 0
• Fuel capacity in liter: 44

[thommierother]

The Peugeot 208 GT worked already (mine was delivered 4 weeks ago). I think PSA guys are playing with their API, which breaks API connection and would be an explanation for a number of errors we can see in the last few days.

[Windows81User]

Hi @thommierother, Thanks for your answer :)

But I see on your website an article (https://www.netzwissen.de/wiki/doku.php?id=peugeot&rev=1622270406) about the Peugeot e-208. Have you the Peugeot 208 or e-208?

The electric version has seemingly no problems with API data.

[thommierother]

I have an e-208, youre right, there may be significant differences between the eletric and the petrol models.

[Windows81User]

Thank you for your quick answer :)

On Monday, I will try to find out more information about my problem from the peugeot customer support.

I will get back to you later with the results of the call :)

[Windows81User]

I decompile the MyPeugeot app an I found an interesting information. The app use another API.

The app post trips, alerts and other car information to this api endpoints.

[thommierother]

... interesting, I see /api/v1/ endpoints and I think the PSA controller uses "v4", see docs at https://developer.groupe-psa.io/webapi/b2c/api-reference/specification/

I fear the documentation is not really representing the complete truth (same situation with other OEMs ...). But @flobz may know more details about struggling with changing endpoints... ;-( .

[moulagaufre]

I decompile the MyPeugeot app an I found an interesting information. The app use another API.

The app post trips, alerts and other car information to this api endpoints.

Nice spot. I tried all of them with valid credential, and got: HTTP/2 200 OK Server: nginx Date: Sat, 29 May 2021 18:41:35 GMT Content-Type: application/json Cache-Control: no-cache

{"errors":{"130":"error.vehicle.bta.eligibility"}}

[Windows81User]

I decompile the MyPeugeot app an I found an interesting information. The app use another API.

The app post trips, alerts and other car information to this api endpoints.

Nice spot. I tried all of them with valid credential, and got: HTTP/2 200 OK Server: nginx Date: Sat, 29 May 2021 18:41:35 GMT Content-Type: application/json Cache-Control: no-cache

{"errors":{"130":"error.vehicle.bta.eligibility"}}

Can descripe your way, please ? ☺️

[flobz]

I'm not sure but those endpoint are used to send data, not get data.

[Windows81User]

I'm not sure but those endpoint are used to send data, not get data.

@flobz I think you are right 👍

@moulagaufre I'm interested in the way to test the API endpoints, because i fail with the authorization :(

[Windows81User]

I found another RestAPI.java in MyPeugeot app with GET-Routes :)

But i found too this :

I think that route gives us information about maintenance.

The API design of PSA is possibly wrong :(

[moulagaufre]

I'm not sure but those endpoint are used to send data, not get data.

I don't know why you think that, they seem get data apis (especially the trip/xx one, which cannot be an upoad api). iF you say that because they are POST, that's common for api that have complex arguments. I think that's because it's an old api (v1), but these are to me definitely get data endpoints as the one you use in your python program (except you are using newer ones). For instance the API that get BTA info is also a POST, and as stated in the other issue, I would be very interested in the result you get on an EV/PHEV car like yours.

POST /api/v1/user/vehicles//contracts?siteGeo=0000025371&rrdi=951830U01F&v=1.29.1&culture=fr_FR HTTP/2 Host: mw-ap-rp.mym.awsmpsa.com Source-Agent: App-IOS Accept: application/json Content-Type: application/json Accept-Language: fr-fr Accept-Encoding: gzip, deflate Version: 1.29.1 User-Agent: MyPeugeot/202104161700 CFNetwork/1237 Darwin/20.4.0 Token: xx Content-Length: 194 Connection: close

{ "ticket" : "xx", "data" : { "mileage" : 768.10000000000002, "timestamp" : 1622309135 }, "siteCode" : "AP_FR_ESP" }

HTTP/2 200 OK Server: nginx Date: Sat, 29 May 2021 18:43:52 GMT Content-Type: application/json Cache-Control: no-cache

{"success":{"bta":{"type":"DEX BTA","status":0,"level":0},"services":[],"nac":[{"type":"NAVCOZAR","status":2,"validity":{"start":1620172800,"end":1714867200},"is_extensible":false,"title":"Pack Navigation connect\u00e9e","category":"connected_services"}],"club":[],"adsd":{"type":"ADSD","status":0},"tmts":{"type":"TMTS","status":2,"validity":{"start":1619136000,"end":1934755200},"is_extensible":false,"title":"TELEMAINTENANCE","category":"connected_services"}}}

[moulagaufre]

I'm not sure but those endpoint are used to send data, not get data.

@flobz I think you are right 👍

@moulagaufre I'm interested in the way to test the API endpoints, because i fail with the authorization :(

Well I capture throuh a proxy the traffic of mypeugeot on my iphone, and then replay request changing endpoints (but keeping tokens). I use Burp + mitmproxy for tooling.

[moulagaufre]

For me it seems more and more that petrol car are not supported by the api. And maybe as I see people having problem with them in EV/PHEV (and also because mypeugeot is not using them at all, and only do bluetooth sync with the car. The api you've seen in the code are never used on my end live) maybe it won't be open to end user, and will be limited to PSA and companies that buy the access.

[Windows81User]

@moulagaufre the sniffing with mitmproxy does not work for me :(

I get the following response and then I automaticly logged out of MyPeugeot on my iPhone 6s.

[moulagaufre]

You need to follow what’s written on the readme to make mitm use the app’s certificate

Le dim. 30 mai 2021 à 13:20, Windows81User @.***> a écrit :

@moulagaufre https://github.com/moulagaufre the sniffing with mitmproxy does not work for me :(

I get the following response and then I automaticly logged out of MyPeugeot on my iPhone 6s.

[image: Bildschirmfoto 2021-05-30 um 13 18 35] https://user-images.githubusercontent.com/67204274/120102091-b6e27580-c149-11eb-9321-225942f6ec18.png

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/flobz/psa_car_controller/issues/151#issuecomment-850983312, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGCPKKVLYAAHHAYT4GKR54DTQINQTANCNFSM45UGXTBQ .

[Windows81User]

@moulagaufre Sorry but I did not get that :(

I understood that mitm needs the client certificate as *.pem file. But I have not the certificate as file :(

[moulagaufre]

Everything is here: https://github.com/flobz/psa_car_controller/blob/master/docs/Develop.md

GEt the pfx file from the apk in assets directory

[Windows81User]

@moulagaufre thanks for your quick answer :)

I will try out on the next week :)

[flobz]

i add the thermal 208 to car model : a2e909d I close the issue it's duplicate with #57