Tesla Integration with Home Assistant

Setting up Tesla Integration with Home Assistant and CloudFlare

In the wake of Tesla discontinuing their REST-API, managing your vehicle via Home Assistant (HA) has become a tad more intricate but not impossible. You’re faced with a choice: opt for a Tessie subscription or, for the DIY enthusiasts, directly link your Tesla Integration with Home Assistant. Both paths have merits, but let’s dive into the latter for those who love a good project.

Preparation: To use the API you have to register a developer account with Tesla and (at least formally) register an app. When setting up the app, Tesla requires a web server that can be accessed from the Internet and one which certain certificates are stored. 

Therefore, the software components are first installed and configured on the HA server. The server will later be made accessible on the Internet and the Tesla developer account will then be created including app registration. 

Here are the steps, with the assumption that you have Home Assistant already operational and is running in Home Assistant Operating System mode.

If you are running Home Assistant on Docker follow this guide.

  1. Ensure your Home Assistant is accessible over the internet.
  2. Install Apache 2 Minimal Web Server
  3. Enable a Secondary Cloudflare Zero Trust tunnel
  4. Create a Tesla developer account
  5. Install Tesla HTTP Proxy configuration
  6. Install the Tesla Custom integration

1. Ensure Home Assistant is accessible of the internet

It is critical that the Tesla Service can access your HA instance, I’ve previously written a blog showing how to do this with Cloudflare Zero Trust. You can use other methods providing Tesla recognise the SSL certificate.

Note: If you have tightened up your security and implemented geo-blocking or equivalent you will need to remove this to ensure your website is accessible from anywhere on the internet until configured.

Alternative: If you’re looking to redirect your router’s traffic and use port forwarding to channel it to port 443 on your web server, alongside implementing DuckDNS, I recommend following the guidance provided in the Tesla Integration wiki.

2. Install Apache2 Minimal Web Server

Tesla requires access to a couple of private keys to validate your configuration. This is best hosted via a plain old Apache2 web server which is accessed through a Cloudflare Zero Trust tunnel.

2.1 Kickstarting web server installation

Start by adding the HA-Addons repository. You can do this manually with the provided GitHub repository link or simply click the ‘Add Repository’ button below for a quick setup and add the repository.

Add Repository to HA

2.2 Navigating to the Add-On Store

After adding the repository, head over to your Home Assistant and go to Settings > Add-Ons, then tap on the Add-On Store and install the Apache2 Minimal Add-On.

Home Assistant Add-ons Menu

Apache2 Minimal Add-on

2.3 Start the Apache2 installation.

Click on the install button to download and install the Apache2 Minimal web server.

Apache2 Minimal Installation

2.4 Start up options.

Enable the startup options to ensure it stays up-to-date and doesn’t crash.

Apache2 Minimal Startup Options

2.5 Configuration Tab

Connect to the configuration tab and fill out the details as per example below with your appropriate domain name.

Apache2 Minimal Configuration

2.6 Create your apache.conf file.

Login via ssh to your Home Assistant host and create the 000-default.conf file in the /share/apache2/ directory as per below.

<VirtualHost *:80>
  ServerName tesla.smartmotion.life
  DocumentRoot /share/tesla/
  <Directory "/share/tesla">
    Require all granted
  Alias "/.well-known/appspecific/" "/share/tesla/"
  <Location "/">
    Require all denied
  <Location "/.well-known/appspecific">
    Require all granted

2.7 Start your web server

Apache2 Minimal Info Screen

3. Enable a Secondary Zero Trust tunnel.

Step 1 showed you how you can connect to your HA instance via a Cloudflare Zero trust tunnel. This negates the need to modify your router and port forward and manages the SSL certificate for you. With this configuration you will setup a second website so you will have two URL’s pointing at the HA host. One is your HA instance, the other is the Apache server setup in step 2. This will be used to share the *pem files with Tesla to validate and authenticate the Tesla API.

3.1 Get started

Visit CloudFlare website, sign in with your account.

3.2 Navigate to Zero Trust tunnel

Create a zero trust tunnel, and chose Configure.

Cloudflare Zero Trust menuCloudflare Zero Trust menu

3.3 Add a public hostname

You should already have one which was defined in step 1, choose to add one for Tesla API to authenticate against.

CloudFlare Home Assistant Public Hostname

3.4 Configuring your Tesla API public host name

When setting up your Apache2 web server, it’s essential to designate a subdomain specifically for Tesla’s API authentication. This step is crucial as it establishes a direct line of communication between Tesla’s services and your setup. Given that the Cloudflare Zero Trust tunnel provides robust encryption, you can confidently operate this connection over port 80. This choice ensures a seamless flow of traffic straight from Cloudflare’s secure endpoints to your Home Assistant (HA) host, all the while maintaining the integrity and confidentiality of your data.

During this process, your server will host *.pem files in a public directory. These files are critical for the authentication process, serving as digital certificates that verify your server’s identity to Tesla’s API. It’s important to note that while these files are accessible, they are securely managed and play a pivotal role in the authentication sequence, ensuring that only authorised requests are processed by your Tesla API application.

By carefully following these guidelines, you’ll establish a secure and efficient communication channel between your Home Assistant setup and Tesla, enabling advanced control and integration of your vehicle with your smart home ecosystem.

Cloud Flare Tesla Public Host Name Configuration Smart Motion

4. Create a Tesla developer account

4.1 Get going with your Tesla Developer account.

Go to developer.tesla.com and register as a developer with your standard Tesla account. Two-factor authentication must be set up for the account; I used Microsoft Authenticator as the app.

Tesla required an Australian Business Number (ABN). Smart Motion has a valid one, so the example used that. However, if you do not, it may be possible to create a dummy ABN. I have read that Tesla has promised to remove the ABN requirement. If this has been done, please post a message below.

Once you set up the account, create a pro forma app authorised to access the vehicle.

4.2 Request Application Access

Once logged into the developer dashboard choose ‘Request Application Access’.

Request Application Access

4.3 Choose the account which you have just created.

Tesla Application Access Request

4.4 Write a short description of the purpose of this application

Tesla Application Access Request Description

4.5 Enter the client details for your configuration

Tesla Application Access Request Client Details

4.6 Specify the API & Scopes for what you will use it for, I am only accessing vehicle information hence my choices.

Tesla Application Access Request Vehicle or Energy Options

4.7 App Request Submitted

After a few seconds, Tesla will send you an automatic approval email. Important: Tesla now checks whether the domain can be reached via the Internet and whether the certificate is correct.

If it worked, you will see the app you created in your account.

Tesla Application Request Submitted

4.8 You should now see an active application within your dashboard, choose to ‘View Details’

Tesla Developer Tessie Killer Application Active

4.9 Copy and store securely the details, you will need them in step 5.4 below.

Tessie Killer Credentials & APIs

5. Install Tesla HTTP Proxy configuration

5.1 Kickstarting Cloudflared Integration

Start by adding the HA-Addons repository. You can do this manually with the provided GitHub repository link or simply click the ‘Add Repository’ button below for a quick setup and add the repository.

Add Repository to HA

5.2 Navigating to the Add-On Store

After adding the repository, head over to your Home Assistant and go to Settings > Add-Ons, then tap on the Add-On Store and install the Tesla HTTP Proxy.

Home Assistant Add-ons Menu

Tesla HTTP Proxy add-on option

5.3 Install the Tesla HTTP Proxy

Click on the install button to download and install the Tesla HTTP Proxy server.

Tesla HTTP Proxy Install

5.4 Configure the Tesla HTTP Proxy

Head over to the Configuration tab and populate the service, you will need the details from step 4.9.

Tesla HTTP Proxy configuration


5.5 Navigate to the info tab and start the Add-On.

Note: If this did not start have you followed the DNS entry setup in 1.2?

Tesla HTTP Proxy Info screen

5.6 Choose Open Web UI

Tesla HTTP Proxy Open Web UI Screen

5.7 We will now follow the four steps in order to authenticate with your Tesla account, choose ‘Login to Tesla account’

Tesla HTTP Proxy add-on

Note: You will see a call out warning you that the ‘Page not found’ is to be expected.

Tesla page not found known error message

5.8 After you have logged into your Tesla account copy the URL from the address bar.

Tesla callback address bar

5.9 Navigate back to Home Assistant and paste this callback into the dialogue box provided and choose ‘Generate token from URL’

Tesla HTTP Proxy add-on example

5.10 Click ‘OK’ at the Authorization complete screen which will copy the refresh token to your clipboard

5.11 Navigate back to the Tesla HTTP Proxy add on screen and choose ‘Enrol public key in your vehicle’ and follow the instructions.
  1. Sign in to the Tesla App
  2. Scan the QR Code
  3. Click ‘Finish setup’ on your phone and it will install the ‘Virtual Key’ in your vehicle

Tesla Set Up Third-Party Virtual Key

6. Install the Tesla Custom Integration

6.1 Home Assistant Tesla Custom Integration installation

You now have a ‘Refresh Token’ that will enable the Tesla Custom Integration to authenticate. Install it from  GitHub repository link or simply click the ‘Add Repository’ button below for a quick setup and add the repository.

Add Repository to HA

6.2 Agree that you need the Tesla HTTP Proxy, which you have already done.

Tesla Configuration API Proxy notification

6.3 Enter your email address and the ‘Refresh Token’ from step 5.10.

Tesla Configuration

6.4 Within your integrations you will now see commands to control your Tesla.

Tesla Controls now enabled

Congratulations! You’ve now got your own Tesla Integration working without the need for ongoing subscription to Tessie! Have questions or feedback for Home Assistant with Cloudflare Zero Trust? Feel free to share your thoughts or ask for help in the comments below.

Did this guide help you secure your Home Assistant remotely? If you found it valuable and are feeling generous, consider Buying Me A Coffee. Your support encourages me to create more helpful content like this. Cheers!

Buy me a coffee
Share the Post:
  • Comment (18)
  • This is a very well explained guide!
    Unfortunately i’m stuck on the last step… When I scan the QR-code I get an error from Tesla app, claiming, that this is an third party app and its not registered…
    Somebody have an Idea of what I did wrong?

    • Unfortunately I haven’t seen that, my suggestion is to run through it again. There is a timeout and you may have been a bit slow through it (I know I was for the first few goes). Let me know how you go!

  • Thanks for the detailed description! Would this process result in getting location updates via streaming or via polling?

  • “I’m currently trying to install the Tesla integration in Home Assistant. I’m quite new to this topic, so this guide came in handy for me. I had already set up a tunnel via Cloudflare, and my HA server is externally accessible. Now, I’ve set up a second tunnel and installed the Apache server. It’s now accessible via https://tesla.myaddress.com. What’s not entirely clear to me is where to get the public key stored in com.tesla.3p.public-key.pem. If I generate a key pair with openssl and rename the public key to com.tesla.3p.public-key.pem and copy it to /share/apache2/, then it is also displayed to me via https://tesla.myaddress.com. Additionally, I had to manually create the folders /share/tesla and /share/apache2, was that correct?”

    • This was an error in the blog that the certificate is available at this time. I’ve removed the step where you test your public key. As you pointed out it is not created at this time.

      You should not have to create the directories, do you get an error message if they are not created?

  • Thanks for the detailed guide. I have been postponing the fleet API as it was hard to follow but your guide was very helpful. I reached successfully until step 5.11 and when I scan the code on my mobile, I get the error ‘Unable to Share Vehicle, This third party isn’t registered with Tesla. We can’t grant them access at this time.’ Any suggestions?

  • Developer Account steps doesn’t require a Business Number for US, I see the Tax ID for UK though. Also it has the note saying that Tesla API is temporarily free during this trial period. Does that mean this will only work for a while before Tesla charging us for API call? Thanks

  • Hello,
    seems a nice guide, but only for HA OS users, not for me running HA in a docker container…

    I managed to settle Tesla developer needs..
    I managed to build a webserver (Apache2), I managed to create Cloudflare tunnel to that server.
    I’m stuck at creating the Tesla_http_proxy thing. I need more time and nerves. Only ChatGPT seems endless in energy on that 😉

Leave Your Comment

Related Posts

Subscribe to new blogs