Create an account on developer.tesla.com and register a new application to receive a client ID; provide a public-key endpoint URL that Tesla will call to retrieve your application's public key
Generate an EC key pair (Tesla requires the P-256 curve) and host the public key in JWK format at the URL you registered so Tesla can verify signed commands
Direct vehicle owners through Tesla's OAuth 2.0 authorization flow at auth.tesla.com, requesting the required scopes (e.g., vehicle_device_data, vehicle_cmds, vehicle_charging_cmds)
Exchange the authorization code for a Tesla access token and refresh token; access tokens are short-lived, so implement silent refresh
Call the Fleet API endpoint GET /api/1/vehicles to confirm the authenticated user's vehicles are visible before attempting commands
Known gotchas
Tesla requires your application's domain to serve a /.well-known/appspecific/com.tesla.3p.public-key.pem endpoint before the OAuth flow will succeed — the key must be in PEM format at that exact path
Fleet API access for non-personal use requires Tesla approval and a signed partner agreement; the self-serve developer tier has rate limits and may not allow production-scale commands
Refresh tokens can be invalidated if the user revokes access from their Tesla account; always handle 401 responses by prompting re-authorization rather than silently retrying
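The silent-refresh step and the 401 gotcha above, combined in one token handler. This is an added example, not Tesla's code or part of the original page: refresh_fn and send_fn are hypothetical callables wrapping your HTTP client, and the token field names assume a standard OAuth 2.0 token response.

```python
import time


class ReauthorizationRequired(Exception):
    """The owner must go through the OAuth authorization flow again."""


class TokenSession:
    """Keeps one owner's tokens fresh; never retries a 401 on its own."""

    def __init__(self, tokens, refresh_fn, send_fn, clock=time.time, skew=60):
        # Hypothetical callables supplied by the caller:
        #   refresh_fn(refresh_token)           -> (status, token_dict)
        #   send_fn(access_token, method, path) -> (status, body)
        self.tokens = dict(tokens)
        self.refresh_fn, self.send_fn = refresh_fn, send_fn
        self.clock, self.skew = clock, skew

    def _refresh(self):
        status, new = self.refresh_fn(self.tokens["refresh_token"])
        if status != 200:
            # Refresh token revoked or expired: drop stored tokens and stop.
            self.tokens = {}
            raise ReauthorizationRequired("refresh rejected with %d" % status)
        self.tokens = {
            "access_token": new["access_token"],
            # Keep the old refresh token unless a new one was issued.
            "refresh_token": new.get("refresh_token", self.tokens["refresh_token"]),
            "expires_at": self.clock() + new["expires_in"],
        }

    def request(self, method, path):
        if not self.tokens:
            raise ReauthorizationRequired("no tokens stored for this owner")
        # Silent refresh: renew shortly before the access token expires.
        if self.clock() >= self.tokens["expires_at"] - self.skew:
            self._refresh()
        status, body = self.send_fn(self.tokens["access_token"], method, path)
        if status == 401:
            # Access was revoked server-side: no retry loop, ask the owner again.
            self.tokens = {}
            raise ReauthorizationRequired("API returned 401 for %s" % path)
        return status, body
```

Catch ReauthorizationRequired at the edge of your application and send the owner back through the authorization flow; any tokens still held in your database for that owner should be deleted at the same point.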