Ford Developer API

[kltye]

Not sure if this is the right subforum, but I'm looking for help reaching someone who can say something, anything, about the Ford API. Ford has had their developer API working for quite some time now, and I (and lots of other users) have tapped into it for home automation purposes, etc. In the couple weeks, Ford abruptly yanked API access to everyone without any explanation. Their website isn't of any help, and their contact us page doesn't even let you ask generic questions either (just pick from a list of drop-down options; we'll call you don't call us).

@Ford Motor Company @Mach-E VLOG Can you guys help? This has been documented here. We don't really care what the response is, as long as (a) there's a response, and (b) hopefully a way to move forward for those of us who'd like to access simple car info.

Sponsored

 

[kltye]

Ford has never provided a developer API or publicly available API to anyone for the most part.

What you're looking at consists of individuals trying to access private Ford APIs -- which is why they were blocked...

Please do not comment if you have no experience in this. Visit the developer website (I'll link here again: https://developer.ford.com/apis) and you'll see the documentation is still there.

 

[thecodingart]

Please do not comment if you have no experience in this. Visit the developer website (I'll link here again: https://developer.ford.com/apis) and you'll see the documentation is still there.

I find it funny when people respond like this but have no idea whom they're talking to.

Although I have no idea why this is up on the site, it's entirely incorrect and misleading. I'm going to shoot off a few messages on it.

Edit: I'm actually surprised Ford exposed any of this -- but the telemetry feeds that are public here are "not" for individuals to consume. As to clarity on the exact use case for this feed, I'm sending a few messages asking for that. That's why you're seeing individuals get blocked though (which was my understanding of what would happen if an individual tried to access these feeds).

 

[kltye]

I find it funny when people respond like this but have no idea whom they're talking to.

Although I have no idea why this is up on the site, it's entirely incorrect and misleading. I'm going to shoot off a few messages on it.

Edit: I'm actually surprised Ford exposed any of this -- but the telemetry feeds that are public here are "not" for individuals to consume. As to clarity on the exact use case for this feed, I'm sending a few messages asking for that. That's why you're seeing individuals get blocked though (which was my understanding of what would happen if an individual tried to access these feeds).

You said

Ford has never provided a developer API or publicly available API to anyone for the most part.

And yet, the developer portal is public. I - and countless others - have requested and used OAuth tokens to make API calls to the endpoints. The documentation is public, and a Postman config file was even posted to make things easier for devs. All this is public, no hacking, no secret links, etc. I consider this public, and not private/undocumented APIs.

Edit: I'm actually surprised Ford exposed any of this -- but the telemetry feeds that are public here are "not" for individuals to consume.

They made no indication of that anywhere, and I didn't even have to pretend to be a giant ISV to gain access. I've only used my token in my own custom app, polling the API every 20 minutes (well within the documented guidelines), and have had my access summarily revoked. I have never used the token in any code except code I've written.

As to clarity on the exact use case for this feed, I'm sending a few messages asking for that.

Thank you, and I appreciate that.

 

[thecodingart]

You said


And yet, the developer portal is public. I - and countless others - have requested and used OAuth tokens to make API calls to the endpoints. The documentation is public, and a Postman config file was even posted to make things easier for devs. All this is public, no hacking, no secret links, etc. I consider this public, and not private/undocumented APIs.


They made no indication of that anywhere, and I didn't even have to pretend to be a giant ISV to gain access. I've only used my token in my own custom app, polling the API every 20 minutes (well within the documented guidelines), and have had my access summarily revoked. I have never used the token in any code except code I've written.


Thank you, and I appreciate that.

Right, what I can 100% say with absolute confidence is what I've already noted:

but the telemetry feeds that are public here are "not" for individuals to consume.

and

Although I have no idea why this is up on the site, it's entirely incorrect and misleading

Because it is. Ultimately, there is something available for specific types of applications. One offs for "individual" use, not so much. Which emphasizes my point.

There is a specific use case for this, it's not what's in the linked to commentary for HA use.

 

[danielcb]

Not sure if this is the right subforum, but I'm looking for help reaching someone who can say something, anything, about the Ford API. Ford has had their developer API working for quite some time now, and I (and lots of other users) have tapped into it for home automation purposes, etc. In the couple weeks, Ford abruptly yanked API access to everyone without any explanation. Their website isn't of any help, and their contact us page doesn't even let you ask generic questions either (just pick from a list of drop-down options; we'll call you don't call us).

@Ford Motor Company @Mach-E VLOG Can you guys help? This has been documented here. We don't really care what the response is, as long as (a) there's a response, and (b) hopefully a way to move forward for those of us who'd like to access simple car info.

It's just plain stupid and bizarre that Ford's default behavior is to block users, instead of fixing their damn API. This has been done before, even when final customers were using a less than ideal implementation of API calls to Ford APIs.

It took then ages to implement OAuth for those APIs ( which they have done poorly) and fix the WEb Dashboard that was showing the 12V SOC instead of the High Voltage SOC, as it should been.

At this point, I really question why bother and waste time trying to use such trashy APIs provided by Ford itself when they can't get even the basics covered and will block you at the early signal of issues ( on their side )

 

[kltye]

It's just plain stupid and bizarre that Ford's default behavior is to block users, instead of fixing their damn API. This has been done before, even when final customers were using a less than ideal implementation of API calls to Ford APIs.

It took then ages to implement OAuth for those APIs ( which they have done poorly) and fix the WEb Dashboard that was showing the 12V SOC instead of the High Voltage SOC, as it should been.

At this point, I really question why bother and waste time trying to use such trashy APIs provided by Ford itself when they can't get even the basics covered and will block you at the early signal of issues ( on their side )

Right, I'm mostly annoyed at the radio silence from Ford more than anything else. Don't want us to use the official API? Fine, let us know. Want to block us from private APIs? Sure, that's well within their right. Just communicate with us. We're your friends, not enemies.

 

[thecodingart]

Right, I'm mostly annoyed at the radio silence from Ford more than anything else. Don't want us to use the official API? Fine, let us know. Want to block us from private APIs? Sure, that's well within their right. Just communicate with us. We're your friends, not enemies.

This is definitely a reasonable response ?

 

[danielcb]

Right, I'm mostly annoyed at the radio silence from Ford more than anything else. Don't want us to use the official API? Fine, let us know. Want to block us from private APIs? Sure, that's well within their right. Just communicate with us. We're your friends, not enemies.

I believe they resort to that because their API has design flaws where they exposed sensitive and non-sensitive entry points in the same endpoint and they don't have a proper authorization layer to prevent misuse. So their default behavior is to block any possible threat, even if that's a legitimate user doing things by the book.

I bet that if/when security researchers start to dive deep into exploiting vulnerabilities at Ford products through their APIs, it will be a even worst sh.t show than what it was for KIA and their connected vehicle platform.

Also, @Ford Motor Company is being stupid and loosing a potential source of revenue. Tesla has a great API and charge for customers accessing that API.

Ford should take some cues, provide a proper and useful API and create a reasonable cost structure for it. If the API is indeed good and useful, customers will be whiling to pay to access that.

 

[hbirring01]

1. Are we still expecting Ford to do anything good related to software?
2. Ford can't do anything right with regards to software and exposed sensitive data

 

[rottwild]

I just got this update from Ford support yesterday. I reached out while working on an app, trying to understand their non-standard oauth setup:

Hello,

Thank you for your interest in Ford’s Developer Marketplace and FordConnect APIs.

Unfortunately for now a decision has been made to no longer provide credentials and access for FordConnect.

If this changes in the future, we will update developer.ford.com.



Thanks!

?

 

[kltye]

I just got this update from Ford support yesterday. I reached out while working on an app, trying to understand their non-standard oauth setup:



?

Yup, many of us have received the same robotic message from the same person.

Classic Ford non-response. Must be the same people running the OTA for BlueCruise 1.3 for '21 vehicles ?

 

[shark]

I guess there hasn't been any change in API access since the last post, huh? I just want to write a simple service alert to send myself reminders to rotate my tires every 5K miles, for example. Is there no clean and free way to do this that doesn't violate any of Ford's TOS?

 

[kltye]

I believe FordConnect Query (https://developer.ford.com/apis, first option) should meet your needs.

Sponsored