Volkswagen Carnet API shutdown: Difference between revisions
Added the integration´s ability to provide information about the minimum and maximum temperature of the HV battery |
added screenshots of the github bug reports, the token-endpoint error, and the vw group info services notice |
||
| Line 12: | Line 12: | ||
On May 27, 2026, [[Volkswagen]] Group silently disabled the authentication flow that third-party software had used for years to read & control its vehicles, breaking the widely deployed [[Home Assistant]] integration ''homeassistant-volkswagencarnet'', the open-source EV charge controller ''evcc'' and the open-source energy management and EV charging software ''openWB''.<ref name="borncity">{{Cite web |url=https://borncity.com/blog/2026/05/29/vw-und-audi-sperren-api-schnittstelle-smart-home-blackout-seit-27-05-2026-teil-1/ |title=VW und Audi sperren API-Schnittstelle; "Smart-Home-Blackout" seit 27.05.2026 - Teil 1 |publisher=Borncity |date=2026-05-29 |access-date=2026-05-29}}</ref><ref name="issue969">{{Cite web |url=https://github.com/robinostlund/homeassistant-volkswagencarnet/issues/969 |title=[BUG] VW has disabled access to API, so any services based on it no longer work. |publisher=GitHub (robinostlund/homeassistant-volkswagencarnet) |date=2026-05-27 |access-date=2026-05-29}}</ref> The cutover extended across the Volkswagen, [[Audi]], Škoda & Cupra brands.<ref name="myskoda1112">{{Cite web |url=https://github.com/skodaconnect/homeassistant-myskoda/issues/1112 |title=API access change - VW Group third-party framework |publisher=GitHub (skodaconnect/homeassistant-myskoda) |date=2026-05-26 |access-date=2026-05-29}}</ref><ref name="evccdiscussion">{{Cite web |url=https://github.com/evcc-io/evcc/discussions/30236 |title=VW lock API requests soon and allow only registered Apps #30236 |publisher=GitHub (evcc-io/evcc) |date=2026-05-27 |access-date=2026-05-29}}</ref> The new token endpoint requires a cryptographic ''attestation'' tying each request to an official VW Group app, locking out community clients that had authenticated with stored owner credentials alone.<ref name="issue969" /><ref name="evccdiscussion" /> Volkswagen published no press release; the official explanation surfaced on a private Škoda owners' Facebook group, telling owners that apps lacking a formalised relationship with VW Group Info Services would no longer access vehicle data.<ref name="myskoda1112" /> | On May 27, 2026, [[Volkswagen]] Group silently disabled the authentication flow that third-party software had used for years to read & control its vehicles, breaking the widely deployed [[Home Assistant]] integration ''homeassistant-volkswagencarnet'', the open-source EV charge controller ''evcc'' and the open-source energy management and EV charging software ''openWB''.<ref name="borncity">{{Cite web |url=https://borncity.com/blog/2026/05/29/vw-und-audi-sperren-api-schnittstelle-smart-home-blackout-seit-27-05-2026-teil-1/ |title=VW und Audi sperren API-Schnittstelle; "Smart-Home-Blackout" seit 27.05.2026 - Teil 1 |publisher=Borncity |date=2026-05-29 |access-date=2026-05-29}}</ref><ref name="issue969">{{Cite web |url=https://github.com/robinostlund/homeassistant-volkswagencarnet/issues/969 |title=[BUG] VW has disabled access to API, so any services based on it no longer work. |publisher=GitHub (robinostlund/homeassistant-volkswagencarnet) |date=2026-05-27 |access-date=2026-05-29}}</ref> The cutover extended across the Volkswagen, [[Audi]], Škoda & Cupra brands.<ref name="myskoda1112">{{Cite web |url=https://github.com/skodaconnect/homeassistant-myskoda/issues/1112 |title=API access change - VW Group third-party framework |publisher=GitHub (skodaconnect/homeassistant-myskoda) |date=2026-05-26 |access-date=2026-05-29}}</ref><ref name="evccdiscussion">{{Cite web |url=https://github.com/evcc-io/evcc/discussions/30236 |title=VW lock API requests soon and allow only registered Apps #30236 |publisher=GitHub (evcc-io/evcc) |date=2026-05-27 |access-date=2026-05-29}}</ref> The new token endpoint requires a cryptographic ''attestation'' tying each request to an official VW Group app, locking out community clients that had authenticated with stored owner credentials alone.<ref name="issue969" /><ref name="evccdiscussion" /> Volkswagen published no press release; the official explanation surfaced on a private Škoda owners' Facebook group, telling owners that apps lacking a formalised relationship with VW Group Info Services would no longer access vehicle data.<ref name="myskoda1112" /> | ||
[[File:VW Carnet API shutdown issue 969.png|thumb|center|upright=2.4|GitHub issue 969 on the homeassistant-volkswagencarnet tracker reports that Volkswagen blocked third-party API access on May 27, 2026 for all users except those paying a separate fee.<ref name="issue969" />]] | |||
==Background== | ==Background== | ||
| Line 22: | Line 24: | ||
On the afternoon of May 27, 2026, every third-party client targeting the Volkswagen Group cloud began failing simultaneously, while the official Volkswagen, Audi & MyŠkoda smartphone apps continued to authenticate normally.<ref name="borncity" /><ref name="issue967">{{Cite web |url=https://github.com/robinostlund/homeassistant-volkswagencarnet/issues/967 |title=[BUG] Login no more possible, Android App still works |publisher=GitHub (robinostlund/homeassistant-volkswagencarnet) |date=2026-05-27 |access-date=2026-05-29}}</ref><ref name="issue969" /> Integration logs showed unauthorized, forbidden & bad-request responses against the VW Group token endpoint.<ref name="evccdiscussion" /> | On the afternoon of May 27, 2026, every third-party client targeting the Volkswagen Group cloud began failing simultaneously, while the official Volkswagen, Audi & MyŠkoda smartphone apps continued to authenticate normally.<ref name="borncity" /><ref name="issue967">{{Cite web |url=https://github.com/robinostlund/homeassistant-volkswagencarnet/issues/967 |title=[BUG] Login no more possible, Android App still works |publisher=GitHub (robinostlund/homeassistant-volkswagencarnet) |date=2026-05-27 |access-date=2026-05-29}}</ref><ref name="issue969" /> Integration logs showed unauthorized, forbidden & bad-request responses against the VW Group token endpoint.<ref name="evccdiscussion" /> | ||
[[File:VW Carnet API shutdown issue 967.png|thumb|center|upright=2.4|Issue 967 records that owner login through the community integration stopped working on May 27, 2026 while the official Volkswagen Android app kept signing in with the same credentials.<ref name="issue967" />]] | |||
Community analysis of the shipping VW-App build identified the change as a migration of the OIDC token endpoint from ''/login/v1/idk/token'' to ''/auth/v1/idk/oidc/token'', combined with a new requirement that the client prove via cryptographic ''attestation'' that the request originates from an official VW Group app.<ref name="evccdiscussion" /> Maintainers responded the same day by extracting the attestation parameters from the shipping Volkswagen Android app & restoring access through emulation; fixes shipped within hours as pull requests against ''evcc'' & the ''volkswagencarnet'' Python package.<ref name="evccdiscussion" /> | Community analysis of the shipping VW-App build identified the change as a migration of the OIDC token endpoint from ''/login/v1/idk/token'' to ''/auth/v1/idk/oidc/token'', combined with a new requirement that the client prove via cryptographic ''attestation'' that the request originates from an official VW Group app.<ref name="evccdiscussion" /> Maintainers responded the same day by extracting the attestation parameters from the shipping Volkswagen Android app & restoring access through emulation; fixes shipped within hours as pull requests against ''evcc'' & the ''volkswagencarnet'' Python package.<ref name="evccdiscussion" /> | ||
[[File:VW Carnet API shutdown evcc token endpoint.png|thumb|center|upright=2.7|An error log posted in evcc discussion 30236 shows a 400 Bad Request against the new Volkswagen token endpoint ''/auth/v1/idk/oidc/token''.<ref name="evccdiscussion" />]] | |||
===Affected integrations & features=== | ===Affected integrations & features=== | ||
| Line 135: | Line 141: | ||
<blockquote>''"Apps without a formalised relationship with VW Group Info Services will no longer be able to access vehicle data. If you use a third-party app and you are not sure whether it is integrated, the best step is to contact the provider directly and ask them to complete the attestation process with VW Group Info Services."''</blockquote><ref name="myskoda1112" /> | <blockquote>''"Apps without a formalised relationship with VW Group Info Services will no longer be able to access vehicle data. If you use a third-party app and you are not sure whether it is integrated, the best step is to contact the provider directly and ask them to complete the attestation process with VW Group Info Services."''</blockquote><ref name="myskoda1112" /> | ||
[[File:VW Carnet API shutdown VW Group Info Services notice.png|thumb|center|upright=2.4|The VW Group Info Services notice reposted in MyŠkoda issue 1112 tells owners that ''"apps without a formalised relationship with VW Group Info Services will no longer be able to access vehicle data."''<ref name="myskoda1112" />]] | |||
The attestation programme is a business-to-business product. In September 2024 VW Group Info Services announced an integration with telematics provider Geotab to surface Volkswagen Group vehicle data for commercial fleet customers.<ref name="electrek">{{Cite web |url=https://electrek.co/2025/12/20/oem-telematics-integration-is-maximizing-ev-fleet-efficiency-and-roi/ |title=OEM telematics integration is maximizing EV fleet efficiency and ROI |publisher=Electrek |date=2025-12-20 |access-date=2026-05-29}}</ref> An owner running ''homeassistant-volkswagencarnet'' on a home server is not the target customer. | The attestation programme is a business-to-business product. In September 2024 VW Group Info Services announced an integration with telematics provider Geotab to surface Volkswagen Group vehicle data for commercial fleet customers.<ref name="electrek">{{Cite web |url=https://electrek.co/2025/12/20/oem-telematics-integration-is-maximizing-ev-fleet-efficiency-and-roi/ |title=OEM telematics integration is maximizing EV fleet efficiency and ROI |publisher=Electrek |date=2025-12-20 |access-date=2026-05-29}}</ref> An owner running ''homeassistant-volkswagencarnet'' on a home server is not the target customer. | ||