Sponsored

Rivian API

travbz814

Well-Known Member
Joined
May 24, 2022
Threads
5
Messages
98
Reaction score
43
Location
Iowa
Vehicles
R1T, M3P
Clubs
 
@boardthatpowder - will it notify for the "eligibleForNewVehicleInventoryMarketplace": ?

I got a shop email earlier but when trying to access I'm redirected to a Rivian 404 error page. When looking at graphql I have a null value here still.
Sponsored

 

travbz814

Well-Known Member
Joined
May 24, 2022
Threads
5
Messages
98
Reaction score
43
Location
Iowa
Vehicles
R1T, M3P
Clubs
 
@boardthatpowder - ignore last message, new question ;)

Do you know what the delivery steps that might return? Mine is showing:

contracts: CONTRACTS_SIGNING_COMPLETE
payment: NO_PAYMENT_REQUIRED
delivery: INIT
 

boardthatpowder

Well-Known Member
First Name
Dean
Joined
Sep 10, 2021
Threads
5
Messages
137
Reaction score
143
Location
CO
Vehicles
Rivian R1T, Audi Q5
Do you know what the delivery steps that might return? Mine is showing:
Hey @travbz814, mine show as:

Code:
        titleAndReg: COMPLETED
        tradeIn: DONE_NOT_WANTED
        finance: CONTRACT_SIGNED
        insurance: DONE_POI_APPROVED
        documentUpload: DOCUMENTS_APPROVED
        contracts: CONTRACTS_SIGNING_COMPLETE
        payment: ADDITIONAL_PAYMENT_REQUIRED
        delivery: DELIVERY_ACCEPTED
Will take a look at your `eligibleForNewVehicleInventoryMarketplace` question. I don't think I'm retrieving that one, so will need to take a look at where its from.

@atlastracer will also pull your updates into the gist. Thanks for implementing that :)
 

Lizardo

Well-Known Member
Joined
Jun 9, 2022
Threads
27
Messages
702
Reaction score
476
Location
TX
Vehicles
R1T
Occupation
Self
Clubs
 
Thanks. Tried the script on my m1 mac

Get this error


payload = '{"query":"mutation createCsrfToken { createCsrfToken {


^

SyntaxError: unterminated string literal (detected at line 60)

Thanks
 

sub

Well-Known Member
Joined
Jul 23, 2021
Threads
21
Messages
1,365
Reaction score
2,352
Location
USA
Vehicles
Rivian R1S, Tesla Model 3
Thanks. Tried the script on my m1 mac

Get this error


payload = '{"query":"mutation createCsrfToken { createCsrfToken {


^

SyntaxError: unterminated string literal (detected at line 60)

Thanks
You are missing a close quote mark someplace. Alternatively, you could have a line break or some other symbol that tells it to quit looking for the closing quote, between the open and the close.
 

Sponsored

Lizardo

Well-Known Member
Joined
Jun 9, 2022
Threads
27
Messages
702
Reaction score
476
Location
TX
Vehicles
R1T
Occupation
Self
Clubs
 
You are missing a close quote mark someplace. Alternatively, you could have a line break or some other symbol that tells it to quit looking for the closing quote, between the open and the close.

Thanks. Got it working.


25/06/2022 09:40:38:

state: CONFIGURED
configurationStatus: CONFIGURED
fulfillmentSummaryStatus: None
vehicleId: None
 

kaedenb

Member
First Name
Kaeden
Joined
Jul 1, 2022
Threads
1
Messages
5
Reaction score
2
Location
Seattle, WA
Vehicles
Model 3
Anyone been able to get any info on the vehicle API? I've collected most of what I know here:
Vehicle API | Unofficial Rivian Feedback Hub

I tried monitoring traffic from the app, but it seems to do some additional SSL cert verification since all its network requests failed, even with the new certificate installed. Most of what I know so far is from the decompiled Android app code.
 

AdamUCF

Well-Known Member
First Name
Adam
Joined
Apr 3, 2022
Threads
13
Messages
299
Reaction score
434
Location
Orlando, FL
Vehicles
June 2022 R1T
Here's what a command looks like to unlock the doors.
Code:
POST https://cloud.rivianservices.com/rdata/api/v1/control HTTP/1.1
Authorization: Bearer [access token]
Content-Type: application/json; charset=UTF-8
Content-Length: 222
Host: cloud.rivianservices.com
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.9.2


{
    "car": "01-123456789",
    "app": "mobile",
    "command": "UNLOCK_ALL_CLOSURES",
    "VAS_phone_id": "e43f24c5-0ca3-47ba-abfe-e154fcf5f1d7",
    "timestamp": "1657163691",
    "hmac": "932FD3F751B88B52355E85D47D60B0999B55B4C4C9DE41C33419F0CB4DAEE427"
}
Based on everything I've seen, they're generating a public/private key in the app then enrolling that device using the public key. They use the private key to generate a (probably hmac sha256) signature that the truck (and Rivian APIs) can validate before acting. The timestamp is probably the salt to prevent replay. So in order to make these calls outside of the device enrolled as a key, you'd need to fully figure out that hash algorithm and extract the private key from your device to then implement the hash function. Not insurmountable unless they're enforcing hardware storage for that key (is that a thing on Android?).
 

jrgutier

Member
First Name
Jose
Joined
Apr 4, 2022
Threads
0
Messages
21
Reaction score
16
Location
Oklahoma City, OK
Vehicles
Rivian R1T
Clubs
 
Last edited:

jrgutier

Member
First Name
Jose
Joined
Apr 4, 2022
Threads
0
Messages
21
Reaction score
16
Location
Oklahoma City, OK
Vehicles
Rivian R1T
Clubs
 
Here's what a command looks like to unlock the doors.
Code:
POST https://cloud.rivianservices.com/rdata/api/v1/control HTTP/1.1
Authorization: Bearer [access token]
Content-Type: application/json; charset=UTF-8
Content-Length: 222
Host: cloud.rivianservices.com
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.9.2


{
    "car": "01-123456789",
    "app": "mobile",
    "command": "UNLOCK_ALL_CLOSURES",
    "VAS_phone_id": "e43f24c5-0ca3-47ba-abfe-e154fcf5f1d7",
    "timestamp": "1657163691",
    "hmac": "932FD3F751B88B52355E85D47D60B0999B55B4C4C9DE41C33419F0CB4DAEE427"
}
Based on everything I've seen, they're generating a public/private key in the app then enrolling that device using the public key. They use the private key to generate a (probably hmac sha256) signature that the truck (and Rivian APIs) can validate before acting. The timestamp is probably the salt to prevent replay. So in order to make these calls outside of the device enrolled as a key, you'd need to fully figure out that hash algorithm and extract the private key from your device to then implement the hash function. Not insurmountable unless they're enforcing hardware storage for that key (is that a thing on Android?).
I’ve tried to decompile the apk to find the right routine and what the inputs are for the hmac. No luck, my RE skills arent good enough.
 

Sponsored

Lizardo

Well-Known Member
Joined
Jun 9, 2022
Threads
27
Messages
702
Reaction score
476
Location
TX
Vehicles
R1T
Occupation
Self
Clubs
 
Received this update just now :

state: CONFIGURED
configurationStatus: CONFIGURED
fulfillmentSummaryStatus: SELECTED_FOR_FULFILLMENT
vehicleId: None
 

goldburger

Well-Known Member
Joined
Feb 5, 2022
Threads
16
Messages
1,487
Reaction score
1,689
Location
Los Angeles
Vehicles
2022 R1T
I updated my address a few weeks back to my new house and the graphql hasn't updated at all.
 

OverZealous

Well-Known Member
Joined
Oct 19, 2021
Threads
8
Messages
581
Reaction score
1,459
Location
Louisville, Kentucky
Vehicles
2022 R1T LE, 2023 R1S Quad-Adventure
Occupation
Product Manager / Front-End Developer
I updated my address a few weeks back to my new house and the graphql hasn't updated at all.
There's a couple things here that make this somewhat annoying.
  1. There's actually two places where your address is stored: Profile > Addresses but there's a different one for each vehicle as well! Click on the vehicle, then scroll down to Your Delivery Address. This is absurdly stupid, IMO, and confusing for most people.
  2. Besides this, there's a separate, hidden address stored in the system that only guides can change (maybe customer support, but I believe they say they can't fix it permanently). I had this issue with mine, the vehicle was going to be shipped to my house, but the accessories were stuck being shipped to the wrong address. Nothing I changed updated these—even adding and removing the accessories. This actually has me worried moving forward that I'll continue having issues with this account with future orders.
The best thing is, they know about the issue. If you have a guide—especially if you locked in your order—have them double check all the addresses. I did this, and luckily it fixed the shipping address for the accessories.
 

goldburger

Well-Known Member
Joined
Feb 5, 2022
Threads
16
Messages
1,487
Reaction score
1,689
Location
Los Angeles
Vehicles
2022 R1T
Wow I see it. Why… why would they do that.
 

p3ck

Well-Known Member
First Name
Bill
Joined
May 3, 2021
Threads
6
Messages
198
Reaction score
289
Location
Massachusettes, USA
Vehicles
Rivian R1T
Occupation
Software Engineer
Clubs
 
 




Top