API Access

Feature Overview

The API Access feature allows Powerhub users to manage access to the Powerhub API. Users with the correct role can:

  • Create or delete a client credential that can be used to access data and devices in their instance via the Powerhub API
  • Add or remove a public IP address that can access data and devices in their instance via the Powerhub API

All requests to the Powerhub API should come from a trusted source IP that has been added to the allowlist. The client credential identity (ID) can be utilized along with the corresponding generated secret to get a token using the following command.

curl -X POST https://gridlogic-api.sn.tesla.services/v1/auth/token 
-d "grant_type=client_credentials" 
--user "$CLIENT_ID:$CLIENT_SECRET"
Informational PurposesAn informational icon, calling your attention
Note
This feature only provides Powerhub API access. It does not control access to https://powerhub.energy.tesla.com/; see Logging in to Powerhub for more information.

Feature Access

Client Credentials and IP Addresses can be managed in the API Access section of the Access & Security page.

Client Credentials

The list of client credentials includes:
  • Client credentials that currently have access
  • Client credentials that have lost access due to expiration (indicated by yellow triangle icon and a past expiration date)
To add a client credential:
  1. As the instance Owner, log in to Powerhub and navigate to the Access & Security tab.
    Informational PurposesAn informational icon, calling your attention
    Note
    See Add, Edit, and Remove User Access to grant Owner access to a user. If no owner is defined for the instance, contact your Tesla Account Manager to grant Owner access to at least one user.
  2. Expand the API Access section.
  3. Select Add Credential.
  4. Enter a Credential Name and select a Role.
    Informational PurposesAn informational icon, calling your attention
    Note
    Hovering over the information icon shows an explanation of what specific roles mean and what permissions / functionality are associated with them.
  5. Enter or select the Expiration Date.
    Informational PurposesAn informational icon, calling your attention
    Note
    Every client credential must have a set expiration date, which can be up to 365 days from the date access is granted.
  6. Select Generate new client credential.
  7. The Client Secret will be automatically generated; copy both the Client ID and Client Secret and SAVE them together in a secure location.
    Informational PurposesAn informational icon, calling your attention
    Note
    The client secret is randomly generated and is used for requesting a Powerhub API token using the /tokens endpoint. This value only appears once when the credential is added; there is no way to retrieve the secret after initial generation.
To delete a client credential, select the trash can icon next to the credential.
Informational PurposesAn informational icon, calling your attention
Note
This will cause any requests for an API token to the /tokens endpoint using this credential to fail. It may take up to ten minutes for Powerhub API tokens previously requested using the client credential to expire.
Informational PurposesAn informational icon, calling your attention
Note
Only users with the Owner role have permission to delete client credentials.

IP Addresses

The list of IP addresses in the API Access section includes only those that are currently allowed to connect to the Powerhub API.

To add an IP address, enter the IP address or CIDR range and select Add.
To remove an IP address, select the trash can icon next to the IP.
Informational PurposesAn informational icon, calling your attention
Note
Only users with the Owner role are able to add or remove IP addresses.