ardevd

> Until recently I used to work for JLR but now work for one of their suppliers. I'll see if I can find a way to raise this internally with...

> Been doing a lot of reading about the whole Octopus smart charging saga with API access being v suddenly removed for energy companies back in March. There has been...

From my findings so far it seems like the only change here is that the app secret now rotates (at least) every time you start the app. It seems to...

> @ardevd Out of curiosity, do most of the API changes you've had to fix look like they were intentionally to stop third-party apps, or are they adding new functionality?...

Looks like they've added a new layer of API authentication.

The `x-App-Secret` is now dynamic and seemingly changes frequently. Re-using previously used values doesn't seem to work either.

Not necessarily. Either, the secret is provided by the InControl API, or it might be calculated locally on the device (and reproduced on the server side). Either way, it should...

I'd really appreciate that! This cat and mouse game has been going on for a while now and while I enjoy the challenge, it's getting tedious. JLR alienating their most...

apktool or JADX (which used apktool) works fine.

Yeah. Third party API access has been a thing for the last 15 years now. About time JLR caught up. I'm happy for all the help I can get. Reach...