
Has the key/secret been removed from the v2.0 iRemote app?

Open gfbarros opened this issue 6 years ago • 28 comments

I've been grepping around for a while now and can't seem to find the OAuth2 key/secret. Not in the plist from what I can tell either. Any pointers on where I should look? Or is it gone?

gfbarros avatar Nov 29 '17 20:11 gfbarros

It must be in there somewhere, as the OAuth token endpoint requires client_id and secret to work. I however fetched the APK and decompiled it.

vaizki avatar Dec 01 '17 08:12 vaizki

Any keywords I should be grepping for?

gfbarros avatar Dec 01 '17 16:12 gfbarros

Hi.

I'm also struggling here. I've worked with the BMW Remote app because I suppose the API is the same for PHEV and non-PHEV vehicles. Can anybody at least confirm that the API is still accessible?

Regards.

PaskoMoto avatar Mar 07 '18 14:03 PaskoMoto

Currently the API is still accessible...

thkl avatar Mar 08 '18 07:03 thkl

I used to have this working but now it doesn't seem like the API will give me a token anymore.

curl \
   -H "Authorization: Basic a2V5OnNlY3JldA==" \
   -H "Content-Type: application/x-www-form-urlencoded" \
   -d "grant_type=password&username=ipv6freely%40gmail.com&password=MYPASSWORD&scope=remote_services+vehicle_data" \
   "https://b2vapi.bmwgroup.com/webapi/oauth/token/"

Gets me:

{"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)."}

ipv6freely avatar Jul 02 '18 20:07 ipv6freely

Since the old app has been deprecated, it seems the old API is also gone. But there is hope ;o)

You can use the calls BMW uses for their Connected Drive website:

To get a token, make a POST request to

https://customer.bmwgroup.com/gcdm/oauth/authenticate

with data:

client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html&username=YOURUSER&response_type=token&state=FOOBAR&scope=authenticate_user+fupo&locale=en-en&password=YOURPASSWORD

You will get a redirect URL to https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html but with &access_token=HORRAYTHISISMYTOKEN attached ..

This is your Token ... There is also a timestamp which indicates the expiration time. You can use this token until the expiration time is over.

To fetch vehicle data, call

https://www.bmw-connecteddrive.de/api/vehicle/dynamic/v1/YOURVIN?offset=-60 and include the header "Authorization" : "Bearer ANDYOURTOKEN";

For more info, just take a look at the BMW Connected Drive website with a web inspector of your choice ...

Have fun ...

thkl avatar Jul 02 '18 20:07 thkl

@thkl where are you getting the client_id and what should state be?

I'm getting a 500 error with this:

```python
import requests

payload = {'client_id': 'dbf0a542-ebd1-4ff0-a9a7-55172fbfce35',
           'redirect_uri': 'https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html',
           'username': '[email protected]',
           'response_type': 'token',
           'state': 'FOOBAR',
           'scope': 'authenticate_user+fupo',
           'locale': 'en-en',
           'password': 'mypassword'}

r = requests.post('https://customer.bmwgroup.com/gcdm/oauth/authenticate', data=payload)

print(r)
```

ipv6freely avatar Jul 02 '18 20:07 ipv6freely

I've fetched the client ID from the Connected Drive website. This ID hasn't changed for months...

The state is a various ID of your choice.

The login is a normal OAuth login procedure, so the response from the login POST also includes this ID.

As mentioned in my post above, just grab Chrome's Web Inspector, log in to the ConnectedDrive website and there is all the information you need. 😎

thkl avatar Jul 02 '18 20:07 thkl

Quick guess: change the + into a space in the scope parameter. My example was HTML-encoded 🤓

thkl avatar Jul 02 '18 20:07 thkl

Hi. Sorry for the off-topic, but... Does anyone know the method/message that triggers a location update of the vehicle? I mean the one used in the app to locate the vehicle. I'm unable to get it using Firefox & network monitoring. Regards.

PaskoMoto avatar Jul 02 '18 21:07 PaskoMoto

I'm still not able to get this working. Can you show me a curl example?

ipv6freely avatar Jul 02 '18 21:07 ipv6freely

Oh, I do not use curl (iOS ;o) but here is an HTTP request dump:

POST /gcdm/oauth/authenticate?client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https:%2F%2Fwww.bmw-connecteddrive.com%2Fapp%2Fdefault%2Fstatic%2Fexternal-dispatch.html&username=YOURUSERNAME&response_type=token&state=053AC226-29D7-46CA-A234-5E79DCA6CD19&scope=authenticate_user%20fupo&password=YOURPASSWORD HTTP/1.1
Host: customer.bmwgroup.com
Connection: close
User-Agent: Paw/3.1.5 (Macintosh; OS X/10.13.5) GCDHTTPRequest
Content-Length: 0

This will end up in:

HTTP/1.1 302 Found
Date: Tue, 03 Jul 2018 06:05:40 GMT
Server: Apache
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE, HEAD
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Origin, X-c2b-Authorization, X-c2b-mTAN, X-Requested-With, X-c2b-Sender-Id, Content-Type, Accept, Cache-Control, KeyId
Max-Forwards: 20
Via: 1.0 lpb2vcn01 (BMW Group API Gateway)
Location: https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html#state=053AC226-29D7-46CA-A234-5E79DCA6CD19&access_token=THISISYOURAUTHENTICATIONTOKEN&token_type=Bearer&expires_in=7199
X-Frame-Options: SAMEORIGIN
X-NodeID: 01
X-Powered-By: JOY
Content-Type: text/html; charset="utf-8"
Set-Cookie: 
.... yallayallayalla ...
Connection: close
Transfer-Encoding: chunked

The state parameter is a random UUID.

thkl avatar Jul 03 '18 06:07 thkl
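
Added example (not part of the original thread or of any project mentioned in it): a Python sketch of handling the redirect shown in the dump above, checking that the returned state echoes the value that was sent and separating the token-bearing fragment from the `?error=access_denied` form reported further down the thread. The function and exception names are hypothetical, and the sample Location values are constructed from the placeholders in the posts.

```python
import hmac
import time
from urllib.parse import parse_qs, urlsplit

BASE = "https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html"
# Constructed samples, modelled on the Location headers quoted in the thread.
SAMPLE_OK = (BASE + "#state=053AC226-29D7-46CA-A234-5E79DCA6CD19"
             "&access_token=THISISYOURAUTHENTICATIONTOKEN&token_type=Bearer&expires_in=7199")
SAMPLE_DENIED = BASE + "?error=access_denied"


class TokenRedirectError(Exception):
    """Hypothetical exception: the redirect did not carry a usable token."""


def parse_token_redirect(location, expected_state, now=None):
    """Return (access_token, expires_at_epoch) or raise TokenRedirectError."""
    parts = urlsplit(location)
    # Failures arrive as ?error=... in the query string, successes in the fragment.
    for source in (parts.query, parts.fragment):
        error = parse_qs(source).get("error")
        if error:
            raise TokenRedirectError("authorization failed: " + error[0])
    params = parse_qs(parts.fragment)
    fields = {}
    for name in ("state", "access_token", "token_type", "expires_in"):
        values = params.get(name, [])
        if len(values) != 1:  # missing or duplicated parameter
            raise TokenRedirectError("expected exactly one %r parameter" % name)
        fields[name] = values[0]
    # The state must echo the random value sent with the request.
    if not hmac.compare_digest(fields["state"].encode(), expected_state.encode()):
        raise TokenRedirectError("state mismatch")
    if fields["token_type"].lower() != "bearer":
        raise TokenRedirectError("unexpected token_type")
    if not fields["expires_in"].isdecimal():
        raise TokenRedirectError("expires_in is not a number of seconds")
    now = time.time() if now is None else now
    return fields["access_token"], now + int(fields["expires_in"])


def bearer_header(token):
    """Header form described in the thread for the vehicle data call."""
    return {"Authorization": "Bearer " + token}


if __name__ == "__main__":
    token, expires_at = parse_token_redirect(
        SAMPLE_OK, "053AC226-29D7-46CA-A234-5E79DCA6CD19", now=0)
    print(bearer_header(token), expires_at)
```
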

I've been looking into this and have no idea where to get the client_id. I live in the US so from what I've read, it's not on the website. I've transferred the i3 remote app and decompiled the app, but have no idea where to start looking.

Any help is appreciated. Would love to get Siri working to activate air conditioning.

ericlawton avatar Jul 22 '18 05:07 ericlawton

I have managed to get a token via a POST request via curl:

## Request
curl -X "POST" "https://customer.bmwgroup.com/gcdm/oauth/authenticate?client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html&username=YOURUSERNAME&response_type=token&state=RANDOMGUID&scope=authenticate_user%20fupo&password=YOURPASSWORD" -v

In the response you'll find the token in Location-parameter

EddyK69 avatar Sep 18 '18 15:09 EddyK69

> I have managed to get a token via a POST request via curl:
>
> ## Request
> curl -X "POST" "https://customer.bmwgroup.com/gcdm/oauth/authenticate?client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html&username=YOURUSERNAME&response_type=token&state=RANDOMGUID&scope=authenticate_user%20fupo&password=YOURPASSWORD" -v
>
> In the response you'll find the token in Location-parameter

I put in my username and password and tried doing this in terminal on my Mac and it just hangs. Not sure if I am doing something wrong

ericlawton avatar Sep 19 '18 05:09 ericlawton

> > I have managed to get a token via a POST request via curl:
> >
> > ## Request
> > curl -X "POST" "https://customer.bmwgroup.com/gcdm/oauth/authenticate?client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html&username=YOURUSERNAME&response_type=token&state=RANDOMGUID&scope=authenticate_user%20fupo&password=YOURPASSWORD" -v
> >
> > In the response you'll find the token in Location-parameter
>
> I put in my username and password and tried doing this in terminal on my Mac and it just hangs. Not sure if I am doing something wrong

Works like a charm on my Mac; I don't know what you are doing wrong, sorry.

EddyK69 avatar Sep 19 '18 16:09 EddyK69

> Works like a charm on my Mac; I don't know what you are doing wrong, sorry.

Okay, rebooted and tried again and I got it to work, but now I get.... Should my token be listed there?

Location: https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html?error=access_denied
< X-c2b-Exception: AuthenticationFailedAppException

ericlawton avatar Sep 19 '18 18:09 ericlawton

Seems like an Authentication error as mentioned by the access denied parameter ....

thkl avatar Sep 19 '18 18:09 thkl

> Seems like an Authentication error as mentioned by the access denied parameter ....

Do you think it's country-specific? I'm in the US here.

ericlawton avatar Sep 19 '18 18:09 ericlawton

Maybe... you should try a normal browser (with Google Chrome) login and inspect all the calls with the Google Chrome web inspector.

thkl avatar Sep 19 '18 18:09 thkl

I don't know if this will be useful to you guys, but I wrote this. I have it running via cron on a digital ocean droplet so I get notifications when my car is charged (why the stupid connecteddrive app doesn't send a notification when the car is charged is beyond me!)

https://github.com/ipv6freely/bmw2018

ipv6freely avatar Sep 19 '18 19:09 ipv6freely

> To fetch vehicle data, call
>
> https://www.bmw-connecteddrive.de/api/vehicle/dynamic/v1/YOURVIN?offset=-60 and include the header "Authorization" : "Bearer ANDYOURTOKEN";

Are all (or some?) of the GET/POST messages mentioned in the api-overview still valid via this method? I want to get the car statistics like Last Trip & Charging times. Is this still possible?

EDIT: Found my answer here: https://github.com/gerard33/bmwcd

EddyK69 avatar Sep 20 '18 17:09 EddyK69

It appears this no longer works... the response returns with a Location parameter that has ?error=access_denied appended, and no longer the access_token.

## Request
curl -X "POST" "https://customer.bmwgroup.com/gcdm/oauth/authenticate?client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35&redirect_uri=https://www.bmw-connecteddrive.com/app/default/static/external-dispatch.html&username=YOURUSERNAME&response_type=token&state=RANDOMGUID&scope=authenticate_user%20fupo&password=YOURPASSWORD" -v

mkormendy avatar Jan 27 '19 21:01 mkormendy

> Do you think it's country-specific? I'm in the US here.

> Maybe... you should try a normal browser (with Google Chrome) login and inspect all the calls with the Google Chrome web inspector.

@thkl & @ericlawton ConnectedDrive for US customers has an entirely different URL when using this method.

mkormendy avatar Jan 27 '19 21:01 mkormendy

Any news on this?

migabc avatar Apr 16 '20 20:04 migabc

> Any news on this?

What kind of news are you looking for? If you want a working example, check out the git repo I posted earlier.

Anyway, I don't have a BMW anymore so I'm going to drop out of this repo :)

ipv6freely avatar Apr 16 '20 20:04 ipv6freely

I'm getting this error:

Apr 17 11:08:13 raspberrypi homebridge[11149]: [4/17/2020, 11:08:13 AM] [BMW 420] Getting current state...
Apr 17 11:08:14 raspberrypi homebridge[11149]: [4/17/2020, 11:08:14 AM] [BMW 420]  ERROR REQUEST RESULTS: null 500 {"statusCode":500,"requestUrl":"https://ise-bev-prod-emea.bmwgroup.net/bev/vehicle/dynamic/v1/WBAxxxxxxxxxxxxxxxxxxxx","requestTimestamp":1587118094616,"logErrorId":"BEV1000","logTransactionId":"-1221427930;855052"}
Apr 17 11:08:15 raspberrypi homebridge[11149]: [4/17/2020, 11:08:15 AM] [BMW 420]  ERROR REQUEST RESULTS: null 500 {"statusCode":500,"requestUrl":"https://ise-bev-prod-emea.bmwgroup.net/bev/vehicle/dynamic/v1/WBAxxxxxxxxxxxxxxxxxxxx","requestTimestamp":1587118095469,"logErrorId":"BEV1000","logTransactionId":"-517044039;978793"}

It was working before. I guess the authentication method or client_id has changed.

I'm using the default

client_id=dbf0a542-ebd1-4ff0-a9a7-55172fbfce35

migabc avatar Apr 17 '20 11:04 migabc

I believe Toyota Supra Connect uses the same API as the old BMW Connected app. Is there a way to use this Toyota API to control BMW cars?

josh-heyman avatar Apr 16 '21 19:04 josh-heyman