Security Flow

Your security in 5 simple steps. GuestKeyTS never sees or stores your Tesla password.

🧑 You (Tesla Owner) 🔐 Tesla Login auth.tesla.com Your password stays here! ↑ Tesla's own secure page sign in 🎫 GuestKeyTS Receives OAuth token (not your password!) token 1 Authenticate with Tesla 🚫 GuestKeyTS NEVER has your password 2 Add Third-Party Key (one-time setup) 📱 Tesla App Locks → Third-Party Keys Add: backside.hermes-tv.com Approve with key card / phone key 🚗 Your Tesla Stores the public key locally on vehicle installs key ☝️ One-time only! Required for API → car 3 App Check — only verified apps allowed 📱 GuestKeyTS App Apple App Attest proves this is the real app 🛡️ Firebase App Check Validates attestation token Rejects all other clients attest token 🚫 Scripts, bots, & modified apps are blocked here 4 Guest uses controls 🎫 GuestKeyTS Uses OAuth token to send signed command ⚡ Tesla Fleet API Verifies token & signature Routes command securely signed cmd 🔏 Cryptographically signed every time 5 Command reaches your car ⚡ Tesla API Forwards verified command to your vehicle 🚗 Your Tesla Verifies using local key from Step 2 ✅ execute! ✅ Seat heater on! Secure end-to-end 🛡️ Always in control — Revoke access anytime! Change your Tesla password (instantly expires all tokens) • Remove the third-party key from your vehicle

You're always in control — Revoke GuestKeyTS access anytime using either method:

Change Tesla Password

Instantly expires OAuth + refresh tokens

Remove Third-Party Key

In vehicle: Locks → Keys