Create a Tesla developer account and register a partner application at the Tesla Fleet API developer portal, providing your application domain and OAuth redirect URIs
Generate an EC key pair using the secp256r1 (prime256v1) curve; keep the private key secret and PEM-encode the public key
Host the PEM-encoded public key at the well-known path on your domain: https://<your-domain>/.well-known/appspecific/com.tesla.3p.public-key.pem with correct Content-Type
Call the partner account register endpoint with your client credentials to complete domain verification; Tesla will fetch your hosted public key during this step
Configure your OAuth client to request the correct scopes for the vehicle data and commands your application needs
Test the full auth flow end-to-end in the Tesla developer sandbox before submitting for production approval
Known gotchas
The public key must remain hosted and reachable at the well-known URL at all times; if it becomes unavailable, signed command delivery will fail
The domain displayed to end users during the mobile-app virtual key pairing flow is derived from your registered application domain — use a production domain even during development to avoid confusing customers
Tesla's partner onboarding process includes a review step that can take time; build this lead time into your integration timeline
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp