Hey there @Bre77, mind taking a look at this issue as it has been labeled with an integration (tesla_fleet) you are listed as a code owner for? Thanks!

_{^{(message by CodeOwnersMention)}}

tesla_fleet documentation
tesla_fleet source
_{^{(message by IssueLinks)}}

Yes, this integration is now complicated to get working due to the changes Tesla has made.

Please follow the documentation at https://www.home-assistant.io/integrations/tesla_fleet or use a third party service instead that handles all this for you.

This has also been mentioned in the 2025.1 release notes - Backward-incompatible changes

Please follow the documentation at https://www.home-assistant.io/integrations/tesla_fleet

Following the documentation, as suggested, still results in an "Account linking rejected" error when I try to install the integration either manually or with the button. I have developer credentials with Tesla, but I can't even install the integration to get to where I can enter the credentials. I'm very new to HA, but I can't figure out a way around this. Any suggestions?

use a third party service instead that handles all this for you

What sort of third party service is this? Might you be able to point us to examples?

It would be helpful to have a detailed guide for setting up Tesla Fleet in 2025.1.0. Until then, I will hold off on upgrading to this version.

Is there a way to host the public key from Step 3 of App creation in HA itself (assuming it has a publicly accessible domain), or do we need to host that elsewhere ourselves?

will there be a more detailed step by step or video specifically how to setup this integration now? i have created the developer app but not step 3 and 4 as described and the initialisation fails. Is this expected behaviour?

Also followed the steps and it rejected my Tesla Approved details

Also followed the steps and it rejected my Tesla Approved details

I had this happen too. in home Assistant go to settings/devices and services and click the 3 dot menu in the top right and select application credentials then delete the Tesla fleet entry and then try to setup again

@bluemonkeysuit07 That was helpful; at least I'm able to install the integration again. Now the Tesla Fleet integration is saying "Failed setup, will retry: A condition has not been met to process the request." At least now, though, I can continue troubleshooting. Thanks!

@bluemonkeysuit07 That was helpful; at least I'm able to install the integration again. Now the Tesla Fleet integration is saying "Failed setup, will retry: A condition has not been met to process the request." At least now, though, I can continue troubleshooting. Thanks!

That's where I'm at too

I am having the same issues as others. I created a machine to machine OAuth grant. I put in the OAuth Client ID and secret. After rebooting HA I get an error in the setting screen.
It then redirects me to auth.tesla.com and states that my redirect uri is not recognized.
The redirect URI listed in the URL is https://my.home-assistant.io/redirect/oauth.
I do not use the home assistant cloud service at this moment.

Hey guys, I got it working and made notes here on what I did: https://www.wswapps.com/books/home-assistant/page/tesla-fleet-setup

I think this can be further simplified as it appears that the second API call to activate your app isn't actually validated at all, so any domain and any public key could be used. But for now you need to find a URL where you can upload the public key. I might share mine, but don't know if Tesla would be unhappy with that.

Edit: I cannot share my public key since Tesla only allows it to be used once. Until someone can create a process to easily host them on subdomains, you'll need your own domain to host the file on.

Note that the tesla commands can also be executed with the published Docker container, e.g.:

docker run --rm -v $(pwd):/tmp --entrypoint tesla-keygen tesla/vehicle-command:latest -key-file tesla_fleet.key create > /tmp/tesla_fleet.pem
docker run --rm -v $(pwd):/tmp --entrypoint tesla-control tesla/vehicle-command:latest -ble -key-file tesla_fleet.key -vin XXXXXXXXXX -debug add-key-request /tmp/tesla_fleet.pem owner cloud_key

Hey guys, I got it working and made notes here on what I did: https://www.wswapps.com/books/home-assistant/page/tesla-fleet-setup

I think this can be further simplified as it appears that the second API call to activate your app isn't actually validated at all, so any domain and any public key could be used. But for now you need to find a URL where you can upload the public key. I might share mine, but don't know if Tesla would be unhappy with that.

Edit: I simplified the instructions with my public key since the key doesn't seem to matter. So feel free to use that to make it easier (unless/until I hear that's a problem).

Seems like i get an error that the public key is already used

Hey guys, I got it working and made notes here on what I did: https://www.wswapps.com/books/home-assistant/page/tesla-fleet-setup
I think this can be further simplified as it appears that the second API call to activate your app isn't actually validated at all, so any domain and any public key could be used. But for now you need to find a URL where you can upload the public key. I might share mine, but don't know if Tesla would be unhappy with that.
Edit: I simplified the instructions with my public key since the key doesn't seem to matter. So feel free to use that to make it easier (unless/until I hear that's a problem).

Seems like i get an error that the public key is already used

I got the same in postman: "error": "Validation failed: Public key hash has already been taken",

But it was able to connect integration to tesla. But yet after login to tesla and integration say it is successfull in the logs "2025-01-04 11:37:35.595 INFO (MainThread) [homeassistant.components.tesla_fleet] Successfully authenticated"
integration is red with error "A condition is not been met to process the request"

I followed up with Niek instructions with the same url https://freakycowbot.com

I get below error, i have changed the url for europe.
{
"error": "invalid_request",
"error_description": "The 'client_id' parameter is missing. Include client_id in the request.",
"referenceID": "c5b340e5-0005-42d8-8074-6b94dac984cd-1735984667394. For more information, visit: https://developer.tesla.com/docs/fleet-api#help-and-support"
}

Woke up this morning to find this "gift" from Tesla, just when i had gotten everything working as i wanted.
So let me get this right, Tesla have changed how there API works and now we need to create an App to access this fleet data? also from Feb, they are looking to monetise app access over a specific number of requests?

@palros looks like the energy APIs are not billable endpoints, so hopefully they don't look at including that.
https://developer.tesla.com/docs/fleet-api/endpoints/energy#grid-import-export
*Click the + on the API endpoint and it says not billable

I struggled with this today. The missing info for me was that for EU you need to use a different URL when doing steps 3 and 4

Yeah I am getting the same error after following your guide.
"response": null,
"error": "Validation failed: Public key hash has already been taken",
"error_description": "",

What sort of third party service is this? Might you be able to point us to examples?

@twoprops

Teslemetry (which I own and built specifically for Home Assistant) and Tessie.

Hey guys, I got it working and made notes here on what I did: https://www.wswapps.com/books/home-assistant/page/tesla-fleet-setup

These are really good instructions, but every single registration needs to use unique origin domains and unique keys.

I don't believe you'll be able to piggyback off freakycowbot.com.

If this becomes a problem I may be able to code up a web hosting solution using wildcard DNS that also runs Step 3 and 4.

I struggled with this today. The missing info for me was that for EU you need to use a different URL when doing steps 3 and 4

Same problem here (after struggling several minutes). This information should be in the documentation of Home assistant.

It's also possible to use BLE. That solution offers basically the same information and control, is far easier to setup and doesn't rely on any cloud stuff. You would just need some bluetooth receiver or proxy near the car. It would be quite easy to implement in HA as well. Just use something like https://github.com/wimaha/TeslaBleHttpProxy as a drop in replacement of the Tesla server.

I run HA on a Intel NUC (with HA OS) and the DuckDNS plugin to access my HA installation from the internet.

I have read the current documentation:

https://www.home-assistant.io/integrations/tesla_fleet/

But the current documentation has a lot of open ends:

Is it correct I need to use https://my.home-assistant.io/redirect/oauth as redirect URL ?
Is my.home-assistant.io not the the optional payed HA Cloud service (https://www.nabucasa.com) ?
Like bpiet2000 I do not use the optional Cloud service.

For the Allowed Origin(s) URL I need to use my own DuckDNS public URL (for example MyHomeAssystant.DuckDNS.org) ?

Then 'Step 3: Generate a Public/Private Key Pair'. Where do I do this ? On the Terminal add-on (Terminal & SSH) ?

https://github.com/home-assistant/addons/tree/master/ssh

Another loose end : where to store the private-key.pem and the public-key.pem ?

When generated it has to be available from the public internet according Tesla:

https://developer.tesla.com/docs/fleet-api/getting-started/what-is-fleet-api#step-2-create-an-application

In my setup (using the DuckDNS URL MyHomeAssystant.DuckDNS.org):

https://MyHomeAssystant.DuckDNS.org/.well-known/appspecific/com.tesla.3p.public-key.pem

How do I create this site ?

Then the last part 'Step 4: Call the Register Endpoint' : For now I gave up at step 3.

It would be nice the official documentation would get an update so I can get the Tesla integration working again.

Have anybody got this worked without hosting public key? Tried the custom integration method, but for me Tesla did not accepted duckdns.org domain for allowed url's.
I think after the public key is hosted and token with this key is fetched, it might work.

@trmpluym verify that the public key you uploaded is indeed yours on the website. I have a feeling several people are getting the same domain, and someone indeed has already registered it

If the fleetkey.cc site doesn't work for you, llamafilm/tesla-http-proxy-addon#3 (reply in thread) did work for me.

You do not need nabu casa; you just need a domain that you can point at your HA server.

@0x09AF : according to Bre77 (some messages back) 'These are really good instructions, but every single registration needs to use unique origin domains and unique keys.'

And when I check the URL below someone else also uploaded their key to https://kbbhx.fleetkey.cc/ and mine was overwritten (when I just uploaded the key, the right one was shown).

https://kbbhx.fleetkey.cc/.well-known/appspecific/com.tesla.3p.public-key.pem

The way (I think) it had to work is a unique subhostname has to be generated for every public IP (for example abedd.fleetkey.cc) to prevent the error "Validation failed: Domain has already been taken".

It has to be unique for both elements, the fleetkey site should be giving a random subdomain, but it appears it isnt.

I ended up spinning up a simple nginx docker container and allowing access to the key.
Completed registration steps, but now how do I bypass "Account linking rejected"???
No matter what I tried - adding through the button. manually, in a different browser - the integration is always rejected before I even get to the credentials phase.

UPDATE: solved this by removing old application credential. Everything works without relying on a third party (well, kind of)
UPUPDATE: Thanks @Bre77 for this integration. I restored my 2024.12 instance backup and updated again to 2025.1. This way I didn't have to delete the old integration of the credential. When I re-authenticated all my entities came back (most of the command entities were disabled and they stayed disabled)

It has to be unique for both elements, the fleetkey site should be giving a random subdomain, but it appears it isnt.

Oops that's a bug! Fixing it now

Edit: it's unique on every page load now.

@Bre77 : problem solved: it works like a charm now, thank you !!

@Bre77 many thanks for hosting the proxy! all good here.

@andeart - Great update to the documentation. I did mostly with the instructions there, with the exception of last curl to register the partner as EU url is https://fleet-api.prd.eu.vn.cloud.tesla.com/api/1/partner_accounts

thank you all!

@tabascoz Glad that helped 🍻. And noted about the region-specific URL change. I'm working with @Bre77 to finalize how best to communicate the regional options in the documentation.

I get below error, i have changed the url for europe. { "error": "invalid_request", "error_description": "The 'client_id' parameter is missing. Include client_id in the request.", "referenceID": "c5b340e5-0005-42d8-8074-6b94dac984cd-1735984667394. For more information, visit: https://developer.tesla.com/docs/fleet-api#help-and-support" }

Have you found out what causes this?

I'm sure my client_id is right and it's definitely included in the POST request as x-www-form-urlencoded.

EDIT: Ooops silly me. In Postman the client ID and secret need to be put into the Body tab, not the Params tab.

When I get to step 4 after putting in my Client ID & Client Secret I keep getting "unauthorized_client" on the hosting website, can anyone suggest what I am doing wrong please?

For some reason I'm getting "unauthorized_client" at Step 4 on fleetkey.cc.

I have checked all the scopes in the application. Trying to register the domain in EU region.

P.S. duplicate comment is not intentional, it seems I and @Livefour2day were commenting at the same time :)

Getting the same error, just commenting to get subscribed here

@Bre77 Thank you its working well.

@Livefour2day @dpfaffenbauer @imihailovs

"unauthorized_client"

Did you put the private key in the home assistant config directory?

No, I now did it manually and it worked, haven't put the private key anywhere....

@Bre77 Thank you its working well.

@Livefour2day @dpfaffenbauer @imihailovs

"unauthorized_client"

Did you put the private key in the home assistant config directory?

Yes the tesla_fleet.key is in the config folder but it still wont work and i get the same "unauthorized_client" error at step 4

@Bre77 Thank you its working well.

@Livefour2day @dpfaffenbauer @imihailovs

"unauthorized_client"

Did you put the private key in the home assistant config directory?

Yes, the private key is in "config" directory and called "tesla_fleet.key"

For those using Nginx Proxy Manager (or any Nginx reverse proxy), you can also host the certificate on your Home Assistant and expose it to a different path with a custom location like this:

my private key is called private-key.pem imihailovs @.> schrieb am Mo., 6. Jan. 2025, 21:37:
…
@Bre77 https://github.com/Bre77 Thank you its working well. @Livefour2day https://github.com/Livefour2day @dpfaffenbauer https://github.com/dpfaffenbauer @imihailovs https://github.com/imihailovs "unauthorized_client" Did you put the private key in the home assistant config directory? Yes, the private key is in "config" directory and called "tesla_fleet.key" — Reply to this email directly, view it on GitHub <#134595 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/APZSJFU7BFR7LZTWMRISH2L2JLSQXAVCNFSM6AAAAABUSOXF6SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNZTHA4DGMBRHA . You are receiving this because you commented.Message ID: @.>

Interesting. fleetkey.cc specifically says to name it tesla_fleet.key. But okay, I will give it a try.

Interesting. fleetkey.cc specifically says to name it tesla_fleet.key. But okay, I will give it a try.

Only because that's what the Home Assistant integration is expecting. But that's only relevant for sending signed commands. It will have no bearing on the registration process.

My tesla-fleet.key is from december. I think from the old configuration.

In tesla developer you find this:

openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem

To create an EC public key using the secp256r1 curve (prime256v1), run:

openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem

Then, generate the associated public key.

openssl ec -in private-key.pem -pubout -out public-key.pem

Interesting. fleetkey.cc specifically says to name it tesla_fleet.key. But okay, I will give it a try.

Only because that's what the Home Assistant integration is expecting. But that's only relevant for sending signed commands. It will have no bearing on the registration process.

Worked now - created a third application on the developers portal. All other steps (besides a new subdomain) were the same as before.

All working Thank you @Bre77

When I tried to set up this, I seem to have entered the wrong tesla client-id/client secret in HA. Where can I modify this?

When I tried to set up this, I seem to have entered the wrong tesla client-id/client secret in HA. Where can I modify this?

https://www.home-assistant.io/integrations/application_credentials/

where can I locate my /.well-known folder if I am using NGINX Home Assistant SSL proxy and Duck DNS?