April 16, 2015 at 20:09 #16166
So, I cracked Fiddler out and had a look… At first glance, the API seems secure (hurrah). It’s all HTTPS and although after logging in the requests still take your username or VIN, if you change them (I tried to my wife’s) the requests fail. Good stuff.
The service lives here:
https://rno-smartgtw.viaaq.eu/aqPortal/B2CSmartphoneProxy/UserService – handles login, some localisation(!) and updating notification settings
https://rno-smartgtw.viaaq.eu/aqPortal/B2CSmartphoneProxy/EvDashboardService – handles battery info, including sending requests for updated status
https://rno-smartgtw.viaaq.eu/aqPortal/B2CSmartphoneProxy/RemoteOperation – handles operations (turn AC on, etc.)
Eg. a request to turn the AC on now is an HTTP POST that looks like this (I’ve removed my VIN/SessionID and changed the angle brackets to square brackets to avoid upsetting the forum):
POST https://rno-smartgtw.viaaq.eu/aqPortal/B2CSmartphoneProxy/RemoteOperation HTTP/1.1 Content-Type: text/xml; charset=utf-8 User-Agent: Android/5.1 Content-Length: 399 Host: rno-smartgtw.viaaq.eu Connection: Keep-Alive Cookie: $Version=0; JSESSIONID=###session id###; $Path=/aqPortal [?xml version='1.0' encoding='utf-8' standalone='yes' ?] [ns2:SmartphoneRemoteHVACActivationRequest xmlns:ns1="urn:com:renault:gdc:type:portalcommon:v1" xmlns:ns2="urn:com:airbiquity:smartphone.Remoteoperation:v1"] [ns1:VehicleServiceRequestHeader] [ns1:VIN]###my vin###[/ns1:VIN] [ns1:Caller]SMARTPHONE-APP[/ns1:Caller] [/ns1:VehicleServiceRequestHeader] [/ns2:SmartphoneRemoteHVACActivationRequest]
The API should probably be pretty stable, because if they change it, existing versions of the app will break. Any breaking changes, they’d need to release an updated app, then ensure “everyone” is updated before unleashing. This means for building your own app, should be pretty solid.
I don’t know how Renault would feel about me building an app though… Although I don’t think it could do any harm, some companies are a bit protective of their APIs 🙁April 16, 2015 at 21:36 #16174
im not ‘programmer’ savy but in theory if you know someones vin or user id u can send commands without the password???
surely not….?April 16, 2015 at 21:53 #16176
No, you can’t. That’s what I tested when I saw the requests included VINs/Usernames (some include one, some include the other). In all cases, if I change them to my wife’s, I got a “BAD REQUEST” response. So it seems to be secure against that 🙂
The very first request sends your username/password, and this authenticates you for a session. You need to send that same session ID back with all requests, and that’s how it knows who you are.June 24, 2015 at 15:18 #20208
Hi @dantup: Did you get any further with the API for ZE services? Do you have any more documentation?
Just wondering if I could knock something together using tasker on android? Might be a useful widget/app for people running android. If we can trigger charging from an API request, @David could use his Smappee (if he buys one) to trigger a granny lead charge when his solar production-houseConsumption>3.3kW via IFTTT without having BCI faults when controlling a 3-pin socket on/off using a comfort plug.
Do you know if you can query the API for status information? Battery SOC, GPS data, Energy Used on Last Trip, Vehicle Speed, Plugged in and Charging, etc? Would be nice to get this data into a database and analyse it locally – I’m sure we could be creative with it.June 25, 2015 at 12:45 #20279
Did you get any further with the API for ZE services? Do you have any more documentation?
Not yet; I’ve been way too busy. Unlikely I’ll have time to do much before September, though I would like to try writing a better app!
Just wondering if I could knock something together using tasker on android?
You’d need to send multiple API requests to do anything; so I suspect you’ll struggle directly from Tasker, without some intermediate API in the middle.
could use his Smappee (if he buys one) to trigger a granny lead charge
Is there any way to plugin and not start a charge other than using the timer? I thought pressing the chargeflap button stopped the charge, but it’s only temporary. Plugging the car in without starting a charge would be handy, but I cba messing with the timer to do it.
Do you know if you can query the API for status information? Battery SOC, GPS data, Energy Used on Last Trip, Vehicle Speed, Plugged in and Charging, etc?
Anything you can see in the ZE app is there in the response. I couldn’t see anything additional (I did look, wondering if there was stuff the app just didn’t do yet).June 29, 2015 at 12:23 #20458
I haven’t done so myself, making myself part of the problem!, but has anyway asked Renault if they are going to update the App ?
On my iphone, it is still optimised for an iPhone 4, in terms of screen size.
The app’s for other cars are so much better. GPS location is something I would like to see.June 29, 2015 at 18:10 #20479
I wouldn’t even know who to ask at Renault that could give a useful response 🙁September 1, 2015 at 12:37 #22839
Hi all – thank you very much for getting me into this. I was looking for an easy way to display the data of 2 ZOE’s within one app or screen. This is what I’ve come up so far over the last weekend:
Attachments:You must be logged in to view attached files.September 3, 2015 at 22:32 #22975
nabossha – how have you been able to do that?September 8, 2015 at 21:19 #23142
You must be logged in to reply to this topic.