Sign up to save your podcasts
Or
Share Volkswagen Is Locking Out Its API Access. It's Making A Mistake. Here's Why
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Volkswagen Is Locking Out Its API Access. It's Making A Mistake. Here's Why
The Volkswagen Group — one in every ten cars sold worldwide — has quietly locked down third-party API access to its connected vehicle services, making it exclusively pay-to-play for developers and killing off the open-source tools thousands of owners relied on for solar charging, Home Assistant integrations, and more. The official reason? Data protection. The reality? Meet CARIAD — the same software arm that left 800,000 customers' vehicle data sitting in an unprotected cloud bucket, no password required.
We dig into why Volkswagen's decision is bad for owners, bad for security, and bad for the right-to-repair movement — and why, if history is any guide, enthusiasts will find another way in anyway. Plus: why open-source API access makes connected cars more secure, not less, and what hardware alternatives already exist for owners who want their data back.
If you're a Transport Evolved regular, you know how we feel about this. And if you're new here — welcome. Pull up a chair.
00:00 - Introduction
02:55 - The Volkswagen Group is massive
04:45 - Locking down the API
05:30 - What an API is
08:12 - Volkswagen used to quietly allow third-party access
09:05 - The announcement
09:47 - Why the Volkswagen Group says it's doing it
10:54 - "Tough Love"?
12:48 - VW Group isn't the first... or the last
14:59 - It'd be easy to rant... but...
15:33 - A reminder why we're here
16:55 - Why telematics need to be more open
18:12 - An example of good behavior: EVCC
19:55 - Cutting off Home Assistant
20:25 - Captive audiences can be advertised to
21:03 - Security through obfuscation
23:26 - Folks are already reverse engineering it
24:46 - There are other ways... OVMS for a start
26:51 - Thanks and Goodbye!
Sources and Further Reading:
The VW API Announcement
Volkswagen Group Info Services AG — Original April 2, 2026 announcement
https://drivesomethinggreater.com/newsroom/short-news/2026-4-02-Transition
The CARIAD Data Breach
BleepingComputer — 800,000 EV owners' data exposed via misconfigured AWS bucket
https://www.bleepingcomputer.com/news/security/customer-data-from-800-000-electric-cars-and-owners-exposed-online/
TechCrunch — Terabytes of VW Group customer data left exposed for months
https://techcrunch.com/?p=2937618
Dark Reading — Breakdown of what data was exposed and who was affected
https://www.darkreading.com/cyberattacks-data-breaches/volkswagen-breach-exposes-data-of-800k-customers
Further Reading
Heise Online — Deep dive into what the API closure actually broke
https://www.heise.de/en/news/VW-cuts-owners-access-to-their-own-vehicle-data-with-API-change-11312776.html
Electrive — Industry perspective on the closure and its implications
https://www.electrive.com/2026/06/01/vw-locks-api-for-external-charging-control/
Consumer Rights Wiki — Detailed timeline of the shutdown and community response
https://consumerrights.wiki/w/Volkswagen_Carnet_API_shutdown
Open Source For You — EU Data Act implications of the closure
https://www.opensourceforu.com/2026/06/volkswagen-api-shake-up-triggers-eu-data-act-questions/
EVCC GitHub Discussion — Community thread tracking the closure in real time
https://github.com/evcc-io/evcc/discussions/30236
Open Source Tools
EVCC — Open-source solar EV charging controller
https://evcc.io/en/
EVCC on GitHub — Source code
https://github.com/evcc-io/evcc
OVMS — Open Vehicle Monitoring System
https://www.openvehicles.com
OVMS on GitHub — Source code
https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3
Nikki's local-fcsp Home Assistant integration — Open-source Ford Charge Station Pro integration
https://github.com/aminorjourney/local-fcsp
Background
Cory Doctorow — "Enshittification": the term used in this video, and the concept behind it
https://pluralistic.net/2023/01/21/potemkin-ai/#hey-guys
👥 Today’s Sponsors
🌱 Electric Vehicle Association - https://www.myeva.org
⚡ EnergySage - https://www.kqzyfj.com/click-101290941-16952262
—
✊ Get Involved 🗳️ https://indivisible.org/town-hall-resources
❤️ Support the Show
📰 https://www.transportevolved.com
🔥 https://www.patreon.com/transportevolved
☕ https://ko-fi.com/transportevolved
📺 https://www.youtube.com/transportevolved
👕 https://www.redbubble.com/people/TransportEVd/
🛍️ https://amzn.to/40xOyjm
₿ 1QRZRGCCXUKPDZ2DZ9KX9JYJXMZDYHYGFZ0MN4WH
💬 Join the Conversation
🐘 https://mastodon.transportevolved.com/@show
💬 https://discord.gg/9WAjfQn
💬 https://fluxer.gg/mcj8aehg
🌀 https://bsky.app/profile/transportevolved.bsky.social
🔁 Subscribe to our 2nd channel - https://www.youtube.com/transportevolvedtake2
🎙️ Credits:
Host, Script, Editor: Nikki Gordon-Bloomfield
Color: Vi Horton
Art & Animation : Erin Carlie
Producer: Nikki Gordon-Bloomfield
Music: via Artlist.io
View all episodes
By The Volkswagen Group — one in every ten cars sold worldwide — has quietly locked down third-party API access to its connected vehicle services, making it exclusively pay-to-play for developers and killing off the open-source tools thousands of owners relied on for solar charging, Home Assistant integrations, and more. The official reason? Data protection. The reality? Meet CARIAD — the same software arm that left 800,000 customers' vehicle data sitting in an unprotected cloud bucket, no password required.
We dig into why Volkswagen's decision is bad for owners, bad for security, and bad for the right-to-repair movement — and why, if history is any guide, enthusiasts will find another way in anyway. Plus: why open-source API access makes connected cars more secure, not less, and what hardware alternatives already exist for owners who want their data back.
If you're a Transport Evolved regular, you know how we feel about this. And if you're new here — welcome. Pull up a chair.
00:00 - Introduction
02:55 - The Volkswagen Group is massive
04:45 - Locking down the API
05:30 - What an API is
08:12 - Volkswagen used to quietly allow third-party access
09:05 - The announcement
09:47 - Why the Volkswagen Group says it's doing it
10:54 - "Tough Love"?
12:48 - VW Group isn't the first... or the last
14:59 - It'd be easy to rant... but...
15:33 - A reminder why we're here
16:55 - Why telematics need to be more open
18:12 - An example of good behavior: EVCC
19:55 - Cutting off Home Assistant
20:25 - Captive audiences can be advertised to
21:03 - Security through obfuscation
23:26 - Folks are already reverse engineering it
24:46 - There are other ways... OVMS for a start
26:51 - Thanks and Goodbye!
Sources and Further Reading:
The VW API Announcement
Volkswagen Group Info Services AG — Original April 2, 2026 announcement
https://drivesomethinggreater.com/newsroom/short-news/2026-4-02-Transition
The CARIAD Data Breach
BleepingComputer — 800,000 EV owners' data exposed via misconfigured AWS bucket
https://www.bleepingcomputer.com/news/security/customer-data-from-800-000-electric-cars-and-owners-exposed-online/
TechCrunch — Terabytes of VW Group customer data left exposed for months
https://techcrunch.com/?p=2937618
Dark Reading — Breakdown of what data was exposed and who was affected
https://www.darkreading.com/cyberattacks-data-breaches/volkswagen-breach-exposes-data-of-800k-customers
Further Reading
Heise Online — Deep dive into what the API closure actually broke
https://www.heise.de/en/news/VW-cuts-owners-access-to-their-own-vehicle-data-with-API-change-11312776.html
Electrive — Industry perspective on the closure and its implications
https://www.electrive.com/2026/06/01/vw-locks-api-for-external-charging-control/
Consumer Rights Wiki — Detailed timeline of the shutdown and community response
https://consumerrights.wiki/w/Volkswagen_Carnet_API_shutdown
Open Source For You — EU Data Act implications of the closure
https://www.opensourceforu.com/2026/06/volkswagen-api-shake-up-triggers-eu-data-act-questions/
EVCC GitHub Discussion — Community thread tracking the closure in real time
https://github.com/evcc-io/evcc/discussions/30236
Open Source Tools
EVCC — Open-source solar EV charging controller
https://evcc.io/en/
EVCC on GitHub — Source code
https://github.com/evcc-io/evcc
OVMS — Open Vehicle Monitoring System
https://www.openvehicles.com
OVMS on GitHub — Source code
https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3
Nikki's local-fcsp Home Assistant integration — Open-source Ford Charge Station Pro integration
https://github.com/aminorjourney/local-fcsp
Background
Cory Doctorow — "Enshittification": the term used in this video, and the concept behind it
https://pluralistic.net/2023/01/21/potemkin-ai/#hey-guys
👥 Today’s Sponsors
🌱 Electric Vehicle Association - https://www.myeva.org
⚡ EnergySage - https://www.kqzyfj.com/click-101290941-16952262
—
✊ Get Involved 🗳️ https://indivisible.org/town-hall-resources
❤️ Support the Show
📰 https://www.transportevolved.com
🔥 https://www.patreon.com/transportevolved
☕ https://ko-fi.com/transportevolved
📺 https://www.youtube.com/transportevolved
👕 https://www.redbubble.com/people/TransportEVd/
🛍️ https://amzn.to/40xOyjm
₿ 1QRZRGCCXUKPDZ2DZ9KX9JYJXMZDYHYGFZ0MN4WH
💬 Join the Conversation
🐘 https://mastodon.transportevolved.com/@show
💬 https://discord.gg/9WAjfQn
💬 https://fluxer.gg/mcj8aehg
🌀 https://bsky.app/profile/transportevolved.bsky.social
🔁 Subscribe to our 2nd channel - https://www.youtube.com/transportevolvedtake2
🎙️ Credits:
Host, Script, Editor: Nikki Gordon-Bloomfield
Color: Vi Horton
Art & Animation : Erin Carlie
Producer: Nikki Gordon-Bloomfield
Music: via Artlist.io