flagrantfowl said:Hi all,
I suddenly started getting HTTP 500 "Internal Server Error" responses from both my scripted Carwings API calls and from "unofficial" apps on my phone, yet the official apps and the Nissan web site seemed to be updating fine. Odd.
So, I set up a proxy to look at the traffic, and saw that the official iOS app ("NissanConnect EV") is connecting to a different URL endpoint and speaking JSON rather than XML. The new endpoint I see is: https://gdcportalgw.its-mo.com
All API calls seem to be HTTP GET requests, and all parameters are on the query string.
Is anyone else familiar with this 'new' API? I see no mention of it anywhere on the web. I'm wondering if I need to try to figure it out and modify my scripts to use it rather than the old one that speaks XML.
Thanks!
// Thanks for putting my credentials in the URL so they can be logged by servers and proxies.
GET https://gdcportalgw.its-mo.com/orchestration_1111/gdc/UserLoginRequest.php?RegionCode=NNA&lg=en-US&DCMID=&VIN=&tz=&UserId=josh%40example.com&Password=supers3kr3t
// Yes, if you paste this URL in your browser you will get JSON data about your car's state dumped to you
// assuming DCMID (found in the Login response) and VIN parameters are specified. No other authentication necessary!
GET https://gdcportalgw.its-mo.com/orchestration_1111/gdc/BatteryStatusRecordsRequest.php?RegionCode=NNA&lg=en-US&DCMID=574610958375&VIN=1N4YZ1ZP7EC377749&tz=America/Denver&TimeFrom=2014-07-04T20:42:40
GET https://gdcportalgw.its-mo.com/orchestration_1111/gdc/ACRemoteRequest.php?RegionCode=NNA&lg=en-US&DCMID=<dcmid>&VIN=<vin>&tz=America/Denver
BluesBro said:How about start/stop AC?
joshperry said:Think I'm going to flesh out all the operations and their response bodies in some docs. But yes, even state mutation is done via get requests:
Code:GET https://gdcportalgw.its-mo.com/orchestration_1111/gdc/ACRemoteRequest.php?RegionCode=NNA&lg=en-US&DCMID=<dcmid>&VIN=<vin>&tz=America/Denver
I don't think this is a big deal for CSRF since they're not using cookies to track auth sessions anymore. Though putting secrets in URIs and using GETs for state mutation are not great for a number of other security and perf reasons.
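The point above about secrets in URIs being logged by servers and proxies, as an added example that is not part of the original thread or of any poster's code: a scrubber that redacts credential-bearing query parameters from log lines before they are stored or shared. The set of parameter names treated as sensitive and the sample log lines are assumptions constructed for this example.

```python
# Added example (not from the thread): redact secrets carried in URL query
# strings before proxy or access-log lines are stored or shared.
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names come from the requests quoted in the thread; treating all
# four as sensitive is this example's assumption.
SENSITIVE = {"password", "userid", "dcmid", "vin"}
URL_RE = re.compile(r"https?://\S+")


def redact_url(url):
    """Return (redacted_url, sorted names of sensitive parameters found)."""
    parts = urlsplit(url)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE and value:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    query = urlencode(pairs, safe="/:")
    return urlunsplit(parts._replace(query=query)), sorted(found)


def scrub_line(line):
    """Redact every URL in one log line and report what it exposed."""
    exposed = []

    def _sub(match):
        redacted, found = redact_url(match.group(0))
        exposed.extend(found)
        return redacted

    return URL_RE.sub(_sub, line), exposed


# Constructed sample log lines, modelled on the request shapes in the thread.
SAMPLE_LOG = [
    "10.0.0.5 GET https://gdcportalgw.its-mo.com/orchestration_1111/gdc/UserLoginRequest.php?RegionCode=NNA&lg=en-US&DCMID=&VIN=&tz=&UserId=user%40example.com&Password=not-a-real-password 200",
    "10.0.0.5 GET https://gdcportalgw.its-mo.com/orchestration_1111/gdc/ACRemoteRequest.php?RegionCode=NNA&lg=en-US&DCMID=000000000000&VIN=TESTVIN0000000000&tz=America/Denver 200",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        clean, exposed = scrub_line(entry)
        print(exposed, clean)
```

Scrubbing only limits what ends up in logs you control; intermediaries between client and server still see the full URL.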
joshperry said:For those with any interest: https://github.com/joshperry/carwings/blob/master/protocol.markdown
irwinr said:
This is awesome, thanks!
Quick question: DCMID: Does that expire after a set amount of time? If so, any idea how long?
-Jeremy
joshperry said:
Not sure actually. I think this is actually an ID number from the DCM in the car (I'm still trying to figure out what the DCM is (one of the car's computers)). So I think it may be static, or maybe only static until the car is registered with another owner. It's going to take some more testing to figure out some of the more esoteric stuff.
For my particular use case I'm going to just cache the DCMID for now and assume that it won't ever expire.
Josh
logging.getLogger("pycarwings2").setLevel(logging.DEBUG)
Great work, guys! Very very cool! Thanks for sharing.
flagrantfowl said:I've got a minimal but working Python API here:
https://github.com/jdhorne/pycarwings2
I don't think it will work outside of North America, given the "region" parameter, but I don't know any other values.