JLR API change = integration dead?

[JonSilver]

Jaguar changed its API at 6am GMT this morning, so it's now inaccessible to any 3rd party library or app. Is there a way around this? Or shall I send my Jag back to the leasing company and get a properly connected car?

[msp1974]

Nobody is sure yet. @ardevd is looking at it.

[ardevd]

I'll be looking into the issue shortly, though JLR actively opposing third party apps this way is a new posture and does not bode well. Originally, I almost got JLR legal sent at me when I first reversed and documented the InControl API and launched jlrpy and WattCat. All my known contacts have left the company so I have no insight into what is behind this recent move to cut off third party API access.

[JonSilver]

They don't want to allocate the budget to talk to third parties, nor do they want to allocate the budget to running a poorly-designed API that's probably been hit far too hard by third-party apps. Whereas changing it so it works only with their app is a relatively cheap option, and the one they've taken because they have all the vision and foresight of a dead woodlouse.

My 2nd hand Renault Zoe is now a better connected car than my brand new i-Pace.

• My wife can no longer precondition the car with a voice command
• HA can no longer lock the car when I forgot to do it
• We shall no longer be alerted to charge the car if it's low on charge and we go to bed without plugging it in
• The additional security measures provided by HA's automations will no longer be a thing

... and a whole load more fantastic conveniences we've previously enjoyed.

But the worst thing is that none of these conveniences will be provided by Jaguar's own app either, because it's a useless heap of bad software.

[ardevd]

@JonSilver I agree 100%.

[msp1974]

From @troon on the jlrpy issue fyi (presume from JLR themselves)

We are responsible for the performance and safety of our vehicles and provide a warranty for this. We are not able to test, approve and warrant the safety and security of unauthorised third-party access to our vehicles and its data. This is a permanent change and only approved, authorised and tested apps will have access to our vehicles and their data. We are working to develop authorised solutions to smart home and energy services as quickly as possible. We apologise for any inconvenience this may have caused, but hope you understand why this was necessary.

And link to jlrpy issue if you want to follow or help. https://github.com/ardevd/jlrpy/issues/116

[JonSilver]

It's complete rubbish. The banks are responsible for the security of people's bank accounts and a wealth of personal information, yet even they can connect your bank account securely to 3rd party apps via the Open Banking protocol.

Through key exchange and restricted permissions it's totally possible to lock a system down and yet offer information and even control to customers via third party apps.

Or maybe JLR's programmers really aren't up to the job. In which case I don't want them anywhere near the control systems of the car I use to transport my loved ones around.

[msp1974]

Please upgrade to v2.2.6 (if on v2.2.5) or v3.0.0beta5 (if on v3.0.0beta4) to rectify.

[msp1974]

ATM pulled v3.0.0beta5. Please use v2.2.6 if previously on v2.2.5. Working on v3.0.0beta

[bobbinz]

Thank you so much for reverse engineering the keys and fixing this so quickly. If there's anything we can do to put pressure on Jaguar please do say so!

[msp1974]

Ok, v3.0.0beta5 now released too to fix this issue.

[ismarslomic]

Thanks @ardevd and @msp1974! Great job 💪🫶👏

[RadicalMonkey]

It’s amazing you got this sorted so quick! How can I get the beta? Also when will the full version come out?

[ismarslomic]

@RadicalMonkey if you use HACS you can just choose Redownload and make sure the "Show beta version" is switched on

[ismarslomic]

@RadicalMonkey you can also upgrade to the new release v2.2.6