
Reverse Engineering the BMW I3 API - edent
https://shkspr.mobi/blog/2015/11/reverse-engineering-the-bmw-i3-api/
======
orless
A few years ago I've posted a question "How to limit speed with BMW JSDK on
116i programmatically from Java?" on StackOverflow as an April Fool's joke:

[http://stackoverflow.com/questions/2557423/how-to-limit-
spee...](http://stackoverflow.com/questions/2557423/how-to-limit-speed-with-
bmw-jsdk-on-116i-programmatically-from-java)

Now it seems to be not-so-much of a joke anymore.

------
striking
The refresh_token is so you can grab another access_token without logging in
again. It's part of OAuth2 spec.

~~~
edent
Aha! I completely missed that. Will update on the morning. Thanks

------
nolanbrown23
I did this on my 2015 3 series which provides access to a lot of cool APIs as
well but performance data is accessible only for the i3. The best use I could
find for the API was an iOS extension to easily send Maps locations directly
to my car for use with the built-in navigation system.

~~~
barlo
Have you open sourced any of this, by chance? Was just thinking of attempting
this on my BMW.

------
keehun
Am I understanding this correctly? The car is constantly communicating with
BMW's servers?

~~~
edent
Not quite. The car has a 3G modem which is always on. When the app makes a
request to BMW's servers, they forward the request to the car, which then
responds.

I assume that it probably pushes some days regularly.

If the car is out of coverage, the app doesn't get any data back - as far as I
can tell.

~~~
TeMPOraL
Any sensible reason for it, or is it just another case of insane engineering -
pushing through cloud stuff that should go through a LAN?

~~~
edent
If your vehicle is in a car park, it needs some way to connect to the net. It
might make sense to have wifi for home use - but does your network stretch out
to your garage?

------
xkcd-sucks
in principle it's kind of scary that the easiest way to get data from your car
is to query a www server

~~~
papaf
Its an authenticated query. Why is it scary - is there a problem with the
authentication?

If the authentication is sound it is actually quite cool.

~~~
jacquesm
It's scary because that server could be compromised and then your car is wide
open.

------
jacquesm
What is it with all this stuff relying on server round trips when strictly
speaking that is simply not necessary, why all this totally superfluous
complexity?

