Lucid API

[segbrk]

Fix released, update to version 1.0.11 of the Lucid component.

 

[Tginther]

Thanks - I'll give it a try this morning!

 

[Tginther]

Thanks - I'll give it a try this morning!

Working great - thanks again!

 

[1Lucid1]

This may have been published and discussed, but I can't find it with clarity:

What is the easiest and best way to connect to Lucid car with this API as an iphone (or web browser) user? I tried https://testmycode.cc/ but it appears a proper interface had been developed. Would be nice to store data over time and track etc.

 

[segbrk]

This may have been published and discussed, but I can't find it with clarity:

What is the easiest and best way to connect to Lucid car with this API as an iphone (or web browser) user? I tried https://testmycode.cc/ but it appears a proper interface had been developed. Would be nice to store data over time and track etc.

Many of us use the Home Assistant integration to track the data over time. As far as I know that's the only form of UI that's been put together.

 

[1Lucid1]

Many of us use the Home Assistant integration to track the data over time. As far as I know that's the only form of UI that's been put together.

@segbrk @borski Thank you gentlemen for your work and tips on Home Assistant and getting the Lucid app. I was able to do it! Not easy for a bloddy beginner, but I got it all done in about 1h. @borski, you now have a new user. Q: How do you track parameters over time (battery, usage, charging, temps etc)? I want to collect data and then make a graph on temp vs mile/kwh for example, or by tire size, or by avg speed, etc.

 

[1Lucid1]

@segbrk @borski Thank you gentlemen for your work and tips on Home Assistant and getting the Lucid app. I was able to do it! Not easy for a bloddy beginner, but I got it all done in about 1h. @borski, you now have a new user. Q: How do you track parameters over time (battery, usage, charging, temps etc)? I want to collect data and then make a graph on temp vs mile/kwh for example, or by tire size, or by avg speed, etc.

How do I get the other screens that are shown in your documentation on my Home Assistant screen. I only see this and climate control.

 

[borski]

How do I get the other screens that are shown in your documentation on my Home Assistant screen. I only see this and climate control.
View attachment 26527

I’m traveling with family so tagging @segbrk in case he can assist or someone else can

Google “home assistant Lovelace” and you’ll want to build various cards on your Lovelace dashboard (which is just the normal HA dashboard)

 

[maractwin]

@segbrk @borski Thank you gentlemen for your work and tips on Home Assistant and getting the Lucid app. I was able to do it! Not easy for a bloddy beginner, but I got it all done in about 1h. @borski, you now have a new user. Q: How do you track parameters over time (battery, usage, charging, temps etc)? I want to collect data and then make a graph on temp vs mile/kwh for example, or by tire size, or by avg speed, etc.

To graph parameters over time: Click on "History" in the navigation, and add the parameter you want to graph. For instance, my car is named "Lex Lucid", so I click on "+ Choose entity", type "Lex" in the search box, then select "Lex Lucid Remaining Battery Percent" from the drop down list. That shows me a graph of the SOC over the last 24 hours. If you click on the date at the upper left, you can change what time period is displayed. And you can choose additional parameters to have them all show at once.

 

[1Lucid1]

To graph parameters over time: Click on "History" in the navigation, and add the parameter you want to graph. For instance, my car is named "Lex Lucid", so I click on "+ Choose entity", type "Lex" in the search box, then select "Lex Lucid Remaining Battery Percent" from the drop down list. That shows me a graph of the SOC over the last 24 hours. If you click on the date at the upper left, you can change what time period is displayed. And you can choose additional parameters to have them all show at once.

Thank you @maractwin @borski for the tips. That worked. Endless possibilities....here my first (non-sense) draft....Is there a way to share dashboard design with each other directly?

 

[roKapl99]

Hi,
I used the Unofficial Lucid API to grab the data from my vehicle. Link: https://testmycode.cc/
<snippet>

Field 1, battery: <br> &lt;class 'vehicle_state_service_pb2.BatteryState'&gt;:<br> Field 1, remaining_range: 230.0<br> Field 2, charge_percent: 35.50000052899122<br> Field 3, kwhr: 28.73999935761094<br> Field 4, capacity_kwhr: 80.9499981906265<br> Field 5, battery_health: WARNING_OFF (1)<br> Field 6, low_charge_level: WARNING_OFF (1)<br> Field 7, critical_charge_level: WARNING_OFF (1)<br> Field 9, preconditioning_status: BATTERY_PRECON_OFF (1)<br> Field 10, preconditioning_time_remaining: 255<br> Field 11, battery_health_level: 95.20000141859055<br> Field 13, bmu_software_version_major: 4<br> Field 14, bmu_software_version_minor: 12<br> Field 15, bmu_software_version_micro: 22<br> Field 16, battery_cell_type: BATTERY_CELL_TYPE_PANA_2170M (3)<br> Field 17, battery_pack_type: BATTERY_PACK_TYPE_AIR_16 (3)<br> Field 18, max_cell_temp: 32.300001971423626<br> Field 19, min_cell_temp: 29.500001929700375
<snippet>

Some questions if you don't mind... Is this data obtained in real time once you logged in?

Field 1, remaining_range: 230.0 ; But, currently this doesn't match what's shown in my Lucid App. App shows 142 miles remaining.

Field 4, capacity_kwhr: 80.9499981906265<br>

Field 11, battery_health_level: 95.20000141859055<br>

It seems to me, if I can read this Field 4 data correctly, my capacity is 80kWh (down from 88kWh original spec) so I have lost 9% ?
My vehicle build date is 9/2023 and I took delivery Sept 20th.

Field 11 is indicating current batt health/capacity? i.e. 95% ; but the above Field 4 suggests a loss of 9% already.

Seems confusing... and thus, any insights is most appreciated. Thanks.

What controls are in place at testmycode.cc to protect the entered password?

 

[segbrk]

What controls are in place at testmycode.cc to protect the entered password?

I put that site together. Totally understand and empathize with the concern, and this is what I did to make myself feel better:
- Your password is never logged or stored, just passed on to Lucid and promptly discarded.
- The server code is published at https://github.com/nshp/python-lucidmotors-webtool if anyone cares to look at it - though full disclosure, I have been bad and lazy and some recent bug fixes have not been pushed up there. I'll try to remember to update that this weekend.
- As a trusted moderator here and at least somewhat of a more known quantity than myself, I also gave @borski direct access to the server to make sure it's not up to anything shady.

 

[borski]

I put that site together. Totally understand and empathize with the concern, and this is what I did to make myself feel better:
- Your password is never logged or stored, just passed on to Lucid and promptly discarded.
- The server code is published at https://github.com/nshp/python-lucidmotors-webtool if anyone cares to look at it - though full disclosure, I have been bad and lazy and some recent bug fixes have not been pushed up there. I'll try to remember to update that this weekend.
- As a trusted moderator here and at least somewhat of a more known quantity than myself, I also gave @borski direct access to the server to make sure it's not up to anything shady.

I can confirm that what is running is what is in the GitHub repo, minus a couple bug fixes.

The password is never stored, never logged, and it redacts any identifiable information from both the gRPC and JSON responses from the API. If you choose to submit the results (which you are free to look over and are shown only to you in your browser, and not shared until and if you choose to), that goes to myself and @segbrk (stored on the server), but still redacted the same exact way you saw it in the browser.

And again: open source, and feel free to submit PRs or issues if you see anything wrong. We’re both security wonks, and do this for a living, but the first rule of good security is humility; if we missed anything, please let us know and we’ll fix it immediately.

 

[roKapl99]

I can confirm that what is running is what is in the GitHub repo, minus a couple bug fixes.

The password is never stored, never logged, and it redacts any identifiable information from both the gRPC and JSON responses from the API. If you choose to submit the results (which you are free to look over and are shown only to you in your browser, and not shared until and if you choose to), that goes to myself and @segbrk (stored on the server), but still redacted the same exact way you saw it in the browser.

And again: open source, and feel free to submit PRs or issues if you see anything wrong. We’re both security wonks, and do this for a living, but the first rule of good security is humility; if we missed anything, please let us know and we’ll fix it immediately.

Thanks for the reply. You both clearly have the technical skills and knowledge to produce secure software. I don't mean to be anal about this but having access to an individual's Lucid password might enable access to the Lucid app and access to any vehicles associated to the account. So protecting the password is vital. I don't doubt that you have taken that into consideration when you embarked on the project. So, a few more questions.

What about the physical security of the server? Would it pass a PCI audit for physical access?
Remote access: who has potential access to the devices you use to access the server? Spouse/significant other/Kids/KIds friends? There have been numerous incidents of individuals in the same household accessing secure servers/networks.

Again, I don't mean to beat this to death and I very much appreciate all the effort you do for this community.

 

[borski]

Thanks for the reply. You both clearly have the technical skills and knowledge to produce secure software. I don't mean to be anal about this but having access to an individual's Lucid password might enable access to the Lucid app and access to any vehicles associated to the account. So protecting the password is vital. I don't doubt that you have taken that into consideration when you embarked on the project. So, a few more questions.

What about the physical security of the server? Would it pass a PCI audit for physical access?
Remote access: who has potential access to the devices you use to access the server? Spouse/significant other/Kids/KIds friends? There have been numerous incidents of individuals in the same household accessing secure servers/networks.

Again, I don't mean to beat this to death and I very much appreciate all the effort you do for this community.

I imagine it is a server on some cloud provider, but that’s a question for @segbrk actually.

That said, the password is never stored regardless, only sent directly to Lucid in real-time. So even if physical access were a threat vector, the best they’d obtain is the:
1) code
2) already-redacted API responses

The fields it redacts from the gRPC response:

sensitive_fields = {
    'uid',
    'id_token',
    'refresh_token',
    'gigya_jwt',
    'expiry_time_sec', # not really sensitive, just unnecessary
    'email',
    'username',
    'first_name',
    'last_name',
    'vehicle_id',
    'vin',
    'ema_id',
    'latitude',
    'longitude',
}

The fields it redacts from the JSON response:

raw['uid'] = '[removed]'
    raw['sessionInfo']['idToken'] = '[removed]'
    raw['sessionInfo']['refreshToken'] = '[removed]'
    raw['sessionInfo']['gigyaJwt'] = '[removed]'
    raw['sessionInfo']['expiryTimeSec'] = '[removed]'
    raw['sessionInfo']['jwtToken'] = '[removed]'

    raw['userProfile']['email'] = '[removed]'
    raw['userProfile']['username'] = '[removed]'
    raw['userProfile']['firstName'] = '[removed]'
    raw['userProfile']['lastName'] = '[removed]'
    raw['userProfile']['emaId'] = '[removed]'

For each vehicle in the JSON response, it also removes:

raw['userVehicleData'][i]['vehicleId'] = '[removed]'
raw['userVehicleData'][i]['vehicleConfig']['vin'] = '[removed]'
raw['userVehicleData'][i]['vehicleConfig']['emaId'] = '[removed]'
raw['userVehicleData'][i]['vehicleState']['gps']['location'][
            'latitude'
        ] = '[removed]'
raw['userVehicleData'][i]['vehicleState']['gps']['location'][
            'longitude'
        ] = '[removed]'

And for each charging account:

raw['userVehicleData'][i]['vehicleConfig']['chargingAccounts'][ca][
                'emaid'
            ] = '[removed]'
raw['userVehicleData'][i]['vehicleConfig']['chargingAccounts'][ca][
                'vehicleId'
            ] = '[removed]'

And, hopefully obviously, it’s all encrypted in transit via TLS.

 

[segbrk]

Thanks for the reply. You both clearly have the technical skills and knowledge to produce secure software. I don't mean to be anal about this but having access to an individual's Lucid password might enable access to the Lucid app and access to any vehicles associated to the account. So protecting the password is vital. I don't doubt that you have taken that into consideration when you embarked on the project. So, a few more questions.

What about the physical security of the server? Would it pass a PCI audit for physical access?

I’m not very familiar with PCI, but I doubt it. Like borski said it’s a cloud VPS hosted by Hetzner, a well known German company, at their Virginia location.

Remote access: who has potential access to the devices you use to access the server? Spouse/significant other/Kids/KIds friends? There have been numerous incidents of individuals in the same household accessing secure servers/networks.

Certainly my significant other could find her way to it if so inclined, that’s about it.

Again, I don't mean to beat this to death and I very much appreciate all the effort you do for this community.

Understood. And at the end of the day if you’re not comfortable with it it’s all good. If you or someone you trust is mildly comfortable with programming environments, all of this is open source, you can also freely run it yourself and get the same data. Happy to help even.

 

[borski]

I’m not very familiar with PCI, but I doubt it. Like borski said it’s a cloud VPS hosted by Hetzner, a well known German company, at their Virginia location.

Certainly my significant other could find her way to it if so inclined, that’s about it.

Understood. And at the end of the day if you’re not comfortable with it it’s all good. If you or someone you trust is mildly comfortable with programming environments, all of this is open source, you can also freely run it yourself and get the same data. Happy to help even.

Yeah, that’s an important point - if you’re uncomfortable, don’t use it!

It’s just helpful to us to build out the API bindings as the JSON response comes back with actual values, but the gRPC response is just numbers, and we have to match those to the values in the JSON, so having a variety of owners and cars helps us build out that mapping.

The API bindings are also all open source: https://github.com/nshp/python-lucidmotors

And the Home Assistant integration is also open source: https://github.com/borski/ha-lucidmotors

 

[Cosmo Cruz]

 

[HydroYT]

Anyone know how to fix Config flow could not be loaded: 500 Internal Server Error Server got itself in trouble when trying to set up the Lucid Motors Home Assistant integration?

 

[segbrk]

Anyone know how to fix Config flow could not be loaded: 500 Internal Server Error Server got itself in trouble when trying to set up the Lucid Motors Home Assistant integration?
View attachment 26592

Huh, go to Settings > System > Logs and see if it says anything relevant there?