VP Innovation at Axway, Co-founder at Vordel

Mark O'Neill

Subscribe to Mark O'Neill: eMailAlertsEmail Alerts
Get Mark O'Neill via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Blog Feed Post

A tale of two electric car smartwatch API strategies

Nikki Gordon-Bloomfield has written a piece in Transport Evolved this week about some third-party smartwatch apps developed using Tesla's unofficial API. These follow on from the original unofficial Tesla Apple Watch app developed by Elek. While it's definitely possible to see merit in "letting a thousand flowers bloom" of unofficial apps, it is understandably worrying for security people to think about car apps calling an unofficial reverse-engineered API.

Another approach is what BMW has done for smartwatch (and smartphone) apps for their BMWi electric cars. These apps make use of the ConnectedDrive API. In this Axway video about the BMWi apps, with our implementation partner IC-Consult, you can learn about how this API makes use of OAuth and other security technologies, through an Axway API Gateway.This ensures security of the API itself, as well as enabling end-users to choose which aspects of the car they want the app to control (mapped via OAuth scopes, as explained in the video).

Here is a still from the video which shows the various apps, including a smartwatch app:

The API Gateway layer applies security, between the apps and the ConnectedDrive infrastruture:

And here's a double-click down on the architecture, showing the smartwatch and smartphone iRemote apps (on the left), with the API Gateway implementing OAuth (in the center), in front of the ConnectedDrive infrastructure (on the right). Click on the image to see the full video, including the OAuth flow (this piece is approx minute 17 onwards):

The era of smartwatch apps connecting to cars is upon us. API security has a key role to play. 

Read the original blog entry...

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.