mercedes-byocar-exporter

Luzifer / mercedes-byocar-exporter

This repository contains an Prometheus & InfluxDB exporter for the Mercedes Benz "Bring Your Own Car" (BYOCAR) API products.

Features:

• Store credentials either in Vault or in a local JSON file
• Fetch data for all cars in your MercedesME account
• Prometheus exporter for the metrics
• InfluxDB exporter avoiding spamming entries to the database by using reported dates from Mercedes API

Usage

# mercedes-byocar-exporter
Usage of mercedes-byocar-exporter:
      --client-id string          Client-ID of Mercedes Developers Console App
      --client-secret string      Client-Secret of Mercedes Developers Console App
      --credential-file string    Where to store tokens when using client-id from CLI parameters (default "credentials.json")
      --fetch-interval duration   How often to ask the Mercedes API for updates (default 15m0s)
      --influx-export string      Set to url (http[s]://user:pass@host[:port]/database) to enable Influx exporter
      --listen string             Port/IP to listen on (default ":3000")
      --log-level string          Log level (debug, info, warn, error, fatal) (default "info")
      --redirect-url string       Redirect URL registered in Mercedes Developers Console (default "http://127.0.0.1:3000/store-token")
      --vault-key string          Use credentials from and update in Vault
      --vehicle-id strings        Vehicle identification number (e.g. WDB111111ZZZ22222)
      --version                   Prints current version and exits

Setup: Create the Mercedes Developer App

• Go to the Mercedes Benz Developer Portal and log in with your Mercedes ID (the same you've registered your car to in Mercedes ME)
• Create a new project in the console section
• Add these products ("Get free" -> BYOCAR -> Select your Project)
  • Vehicle Status BYOCAR
  • Pay As You Drive Insurance BYOCAR
  • Electric Vehicle Status BYOCAR
  • Vehicle Lock Status BYOCAR
  • Fuel Status BYOCAR
• Note down Client ID and Client Secret of your project
• Add the redirect URL you will deploy this exporter to (https://exporter.example.com/store-token)

Setup: Deploy the exporter

You can

• build the Go application by running go build in the checkout
• build the Docker container by running docker build . in the checkout
• get a pre-built image

When running with local JSON-file as storage you need to specify the client-id, client-secret and credential-file flags or corresponding environment variables (CLIENT_ID, CLIENT_SECRET, CREDENTIAL_FILE).

When running with Vault as storage backend specify the vault-key (VAULT_KEY), VAULT_ADDR and VAULT_TOKEN or VAULT_ROLE_ID / VAULT_SECRET_ID for access to Vault. Inside Vault KV v1 backend store this JSON (set your client-id and secret): {"client-id": "", "client-secret": ""} and make sure the process can write to that key to store user tokens.

In all cases specify one or more --vehicle-id (VEHICLE_ID=WDB111111ZZZ22222,WDB111111ZZZ22223) to fetch data for. All of those cars must be associated to your Mercedes ID.

Setup: Authorize exporter

When everything is running you should be able to access the exporter:

• https://exporter.example.com/auth - Redirect to authorize your project to access your car(s)
• https://exporter.example.com/healthz - Health-Check endpoint
• https://exporter.example.com/metrics - Text-version of exported metrics

You need to access the /auth route once to fetch access- and refresh-keys. If something wents wrong with those keys you can re-authorize the app using this route.

Setup: Security

⚠️ This exporter does not have any security measures like access control and will never have them!

I strongly advice to put the exporter behind auth or any non-public network and ensure no unauthorized user can access any of the endpoints:

• The /auth endpoint can be used to mess with the authorization (even though this makes no sense as it will just replace the credentials)
• The /metrics endpoint will expose your VIN/FIN to anyone accessing it