Can't get rid of 429

[Boguinhos]

Describe the issue

Can't login on rest_of_world through API CLI , stating HTTPStatusError: Client error '429 Too Many Requests'
It just won't go away regardless of the time i wait. (using rest_of_world

Expected behavior

Hopefully i would connect. i had things working great before this captcha thing. :(

Which Home Assistant version are you using?

no home assistant, just CLI

What was the last working version of Home Assistant Core?

No response

What is your region?

Rest of world

MyBMW website

• I can still successfully login to the BMW MyBMW website and the car status is available there.
• I have MyBMW enabled for my vehicle.

Number of cars

• I have 2 or more cars linked to the MyBMW account.
• I have a Mini vehicle linked to my account.
• I have a Toyota Supra vehicle linked to my account.

Output of bimmer_connected fingerprint

No response

Anything in the logs that might be useful for us?

EBUG:bimmer_connected.account:Getting vehicle list
DEBUG:bimmer_connected.account:Getting vehicle list
DEBUG:httpx:load_ssl_context verify=True cert=None trust_env=True http2=False
DEBUG:httpx:load_verify_locations cafile='/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certifi/cacert.pem'
DEBUG:httpx:load_ssl_context verify=True cert=None trust_env=True http2=False
DEBUG:httpx:load_verify_locations cafile='/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certifi/cacert.pem'
DEBUG:bimmer_connected.api.authentication:Authenticating with MyBMW flow for North America & Rest of World.
DEBUG:httpcore.connection:connect_tcp.started host='cocoapi.bmwgroup.com' port=443 local_address=None timeout=30.0 socket_options=None
DEBUG:httpcore.connection:connect_tcp.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7fa338453160>
DEBUG:httpcore.connection:start_tls.started ssl_context=<ssl.SSLContext object at 0x7fa3182e4f40> server_hostname='cocoapi.bmwgroup.com' timeout=30.0
DEBUG:httpcore.connection:start_tls.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7fa3384465b0>
DEBUG:httpcore.http11:send_request_headers.started request=<Request [b'GET']>
DEBUG:httpcore.http11:send_request_headers.complete
DEBUG:httpcore.http11:send_request_body.started request=<Request [b'GET']>
DEBUG:httpcore.http11:send_request_body.complete
DEBUG:httpcore.http11:receive_response_headers.started request=<Request [b'GET']>
DEBUG:httpcore.http11:receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Date', b'Sat, 23 Nov 2024 16:01:52 GMT'), (b'Content-Type', b'application/json; charset=utf-8'), (b'Content-Length', b'580'), (b'Connection', b'keep-alive'), (b'x-correlation-id', b'79dd3d6e-80ef-45c7-80ff-3922fd9fa65b'), (b'bmw-correlation-id', b'79dd3d6e-80ef-45c7-80ff-3922fd9fa65b'), (b'x-cluster-mock-used', b'false'), (b'Strict-Transport-Security', b'max-age=31536000; includeSubDomains'), (b'X-Content-Type-Options', b'nosniff'), (b'Content-Security-Policy', b"default-src 'self'"), (b'Request-Context', b'appId=cid-v1:24f34ad2-7e62-4399-93db-3071c599c619'), (b'x-azure-ref', b'20241123T160152Z-17cb9b4dc7bx2mz4hC1LISk6kn0000000drg0000000081n0'), (b'X-Cache', b'CONFIG_NOCACHE'), (b'Accept-Ranges', b'bytes')])
INFO:httpx:HTTP Request: GET https://cocoapi.bmwgroup.com/eadrax-ucs/v1/presentation/oauth/config "HTTP/1.1 200 OK"
DEBUG:httpcore.http11:receive_response_body.started request=<Request [b'GET']>
DEBUG:httpcore.http11:receive_response_body.complete
DEBUG:httpcore.http11:response_closed.started
DEBUG:httpcore.http11:response_closed.complete
DEBUG:httpcore.connection:connect_tcp.started host='customer.bmwgroup.com' port=443 local_address=None timeout=30.0 socket_options=None
DEBUG:httpcore.connection:connect_tcp.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7fa3183113d0>
DEBUG:httpcore.connection:start_tls.started ssl_context=<ssl.SSLContext object at 0x7fa3182e4f40> server_hostname='customer.bmwgroup.com' timeout=30.0
DEBUG:httpcore.connection:start_tls.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7fa328304df0>
DEBUG:httpcore.http11:send_request_headers.started request=<Request [b'POST']>
DEBUG:httpcore.http11:send_request_headers.complete
DEBUG:httpcore.http11:send_request_body.started request=<Request [b'POST']>
DEBUG:httpcore.http11:send_request_body.complete
DEBUG:httpcore.http11:receive_response_headers.started request=<Request [b'POST']>
DEBUG:httpcore.http11:receive_response_headers.complete return_value=(b'HTTP/1.1', 429, b'Too Many Requests', [(b'date', b'Sat, 23 Nov 2024 16:01:53 GMT'), (b'content-type', b'application/json'), (b'Content-Length', b'0'), (b'access-control-allow-headers', b'Authorization, Origin, X-c2b-Authorization, X-c2b-mTAN, X-Requested-With, X-c2b-Sender-Id, X-c2b-External-Id, Content-Type, Accept, Cache-Control, KeyId, x-dtc, deviceName, loginId, clientId, X-C2b-Api-Key, hcaptchatoken'), (b'access-control-max-age', b'3628800'), (b'access-control-allow-credentials', b'true'), (b'access-control-allow-methods', b'POST, GET, OPTIONS, PUT, DELETE, HEAD'), (b'referrer-policy', b'same-origin'), (b'x-xss-protection', b'0'), (b'x-content-type-options', b'nosniff'), (b'x-frame-options', b'SAMEORIGIN'), (b'x-c2b-request-id', b'b81d5a57-97ad-4099-8d83-394a7f73dbbf128803'), (b'x-request-id', b'ef1b9244-c848-4f60-91f9-ddf72a132d34'), (b'via', b'1.1 google'), (b'Alt-Svc', b'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000')])
INFO:httpx:HTTP Request: POST https://customer.bmwgroup.com/gcdm/oauth/authenticate "HTTP/1.1 429 Too Many Requests"
DEBUG:httpcore.http11:receive_response_body.started request=<Request [b'POST']>
DEBUG:httpcore.http11:receive_response_body.complete
DEBUG:httpcore.http11:response_closed.started
DEBUG:httpcore.http11:response_closed.complete
DEBUG:bimmer_connected.api.authentication:Sleeping 4 seconds due to 429 Too Many Requests
DEBUG:httpcore.http11:send_request_headers.started request=<Request [b'POST']>
DEBUG:httpcore.http11:send_request_headers.complete
DEBUG:httpcore.http11:send_request_body.started request=<Request [b'POST']>
DEBUG:httpcore.http11:send_request_body.complete
DEBUG:httpcore.http11:receive_response_headers.started request=<Request [b'POST']>
DEBUG:httpcore.http11:receive_response_headers.complete return_value=(b'HTTP/1.1', 429, b'Too Many Requests', [(b'date', b'Sat, 23 Nov 2024 16:01:57 GMT'), (b'content-type', b'application/json'), (b'Content-Length', b'0'), (b'access-control-allow-headers', b'Authorization, Origin, X-c2b-Authorization, X-c2b-mTAN, X-Requested-With, X-c2b-Sender-Id, X-c2b-External-Id, Content-Type, Accept, Cache-Control, KeyId, x-dtc, deviceName, loginId, clientId, X-C2b-Api-Key, hcaptchatoken'), (b'access-control-max-age', b'3628800'), (b'access-control-allow-credentials', b'true'), (b'access-control-allow-methods', b'POST, GET, OPTIONS, PUT, DELETE, HEAD'), (b'referrer-policy', b'same-origin'), (b'x-xss-protection', b'0'), (b'x-content-type-options', b'nosniff'), (b'x-frame-options', b'SAMEORIGIN'), (b'x-c2b-request-id', b'0dc76058-4960-4272-9908-64c31048e4ff438126'), (b'x-request-id', b'cb2810ee-c030-4f44-b4f7-94d9f8ebb792'), (b'via', b'1.1 google'), (b'Alt-Svc', b'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000')])
INFO:httpx:HTTP Request: POST https://customer.bmwgroup.com/gcdm/oauth/authenticate "HTTP/1.1 429 Too Many Requests"
DEBUG:httpcore.http11:receive_response_body.started request=<Request [b'POST']>
DEBUG:httpcore.http11:receive_response_body.complete
DEBUG:httpcore.http11:response_closed.started
DEBUG:httpcore.http11:response_closed.complete
DEBUG:bimmer_connected.api.authentication:Sleeping 4 seconds due to 429 Too Many Requests
DEBUG:httpcore.connection:close.started
DEBUG:httpcore.connection:close.complete
DEBUG:httpcore.http11:send_request_headers.started request=<Request [b'POST']>
DEBUG:httpcore.http11:send_request_headers.complete
DEBUG:httpcore.http11:send_request_body.started request=<Request [b'POST']>
DEBUG:httpcore.http11:send_request_body.complete
DEBUG:httpcore.http11:receive_response_headers.started request=<Request [b'POST']>
DEBUG:httpcore.http11:receive_response_headers.complete return_value=(b'HTTP/1.1', 429, b'Too Many Requests', [(b'date', b'Sat, 23 Nov 2024 16:02:01 GMT'), (b'content-type', b'application/json'), (b'Content-Length', b'0'), (b'access-control-allow-headers', b'Authorization, Origin, X-c2b-Authorization, X-c2b-mTAN, X-Requested-With, X-c2b-Sender-Id, X-c2b-External-Id, Content-Type, Accept, Cache-Control, KeyId, x-dtc, deviceName, loginId, clientId, X-C2b-Api-Key, hcaptchatoken'), (b'access-control-max-age', b'3628800'), (b'access-control-allow-credentials', b'true'), (b'access-control-allow-methods', b'POST, GET, OPTIONS, PUT, DELETE, HEAD'), (b'referrer-policy', b'same-origin'), (b'x-xss-protection', b'0'), (b'x-content-type-options', b'nosniff'), (b'x-frame-options', b'SAMEORIGIN'), (b'x-c2b-request-id', b'0dc76058-4960-4272-9908-64c31048e4ff438718'), (b'x-request-id', b'f5bdc8ea-a369-4aa1-8723-af6a56aa04cd'), (b'via', b'1.1 google'), (b'Alt-Svc', b'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000')])
INFO:httpx:HTTP Request: POST https://customer.bmwgroup.com/gcdm/oauth/authenticate "HTTP/1.1 429 Too Many Requests"
DEBUG:httpcore.http11:receive_response_body.started request=<Request [b'POST']>
DEBUG:httpcore.http11:receive_response_body.complete
DEBUG:httpcore.http11:response_closed.started
DEBUG:httpcore.http11:response_closed.complete
DEBUG:bimmer_connected.api.authentication:Sleeping 4 seconds due to 429 Too Many Requests
DEBUG:httpcore.http11:send_request_headers.started request=<Request [b'POST']>
DEBUG:httpcore.http11:send_request_headers.complete
DEBUG:httpcore.http11:send_request_body.started request=<Request [b'POST']>
DEBUG:httpcore.http11:send_request_body.complete
DEBUG:httpcore.http11:receive_response_headers.started request=<Request [b'POST']>
DEBUG:httpcore.http11:receive_response_headers.complete return_value=(b'HTTP/1.1', 429, b'Too Many Requests', [(b'date', b'Sat, 23 Nov 2024 16:02:05 GMT'), (b'content-type', b'application/json'), (b'Content-Length', b'0'), (b'access-control-allow-headers', b'Authorization, Origin, X-c2b-Authorization, X-c2b-mTAN, X-Requested-With, X-c2b-Sender-Id, X-c2b-External-Id, Content-Type, Accept, Cache-Control, KeyId, x-dtc, deviceName, loginId, clientId, X-C2b-Api-Key, hcaptchatoken'), (b'access-control-max-age', b'3628800'), (b'access-control-allow-credentials', b'true'), (b'access-control-allow-methods', b'POST, GET, OPTIONS, PUT, DELETE, HEAD'), (b'referrer-policy', b'same-origin'), (b'x-xss-protection', b'0'), (b'x-content-type-options', b'nosniff'), (b'x-frame-options', b'SAMEORIGIN'), (b'x-c2b-request-id', b'0dc76058-4960-4272-9908-64c31048e4ff439339'), (b'x-request-id', b'a888bbb2-2f47-476c-b90b-e271f333a4b9'), (b'via', b'1.1 google'), (b'Alt-Svc', b'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000')])
INFO:httpx:HTTP Request: POST https://customer.bmwgroup.com/gcdm/oauth/authenticate "HTTP/1.1 429 Too Many Requests"
DEBUG:httpcore.http11:receive_response_body.started request=<Request [b'POST']>
DEBUG:httpcore.http11:receive_response_body.complete
DEBUG:httpcore.http11:response_closed.started
DEBUG:httpcore.http11:response_closed.complete
ERROR:bimmer_connected.api.authentication:MyBMWAuthError due to HTTPStatusError: Client error '429 Too Many Requests' for url 'https://customer.bmwgroup.com/gcdm/oauth/authenticate'
For more information check: https://httpstatuses.com/429
DEBUG:httpcore.connection:close.started
DEBUG:httpcore.connection:close.complete
MyBMWAuthError: HTTPStatusError: Client error '429 Too Many Requests' for url 'https://customer.bmwgroup.com/gcdm/oauth/authenticate'
For more information check: https://httpstatuses.com/429

Additional information

No response

[rikroe]

Tl;dr: stop everything and wait until tomorrow.

If you have 429 errors, wait until 00:00 / 12am UTC and make sure that no automatic scripts are running.
We assume you get IP banned sometimes and it usually resets the next day.

[Boguinhos]

Tl;dr: stop everything and wait until tomorrow.

If you have 429 errors, wait until 00:00 / 12am UTC and make sure that no automatic scripts are running.

We assume you get IP banned sometimes and it usually resets the next day.

Thank you for your reply.
Altough i understand what you mean, i've logged out of the app, changed password, and now i can't log back in. Even on another ip address. (Mobile phone).
Could it be that something is off on BMW api side?

[rikroe]

Wait until tomorrow, maybe your whole account got locked.

Also, an issue with BMW APIs could also happen as well ;)

[Boguinhos]

Wait until tomorrow, maybe your whole account got locked.

Also, an issue with BMW APIs could also happen as well ;)

Yeah, we've passed 00:00 and the problem persists...

[rikroe]

Then I cannot help you except the what was written before:

• stop everything connecting to BMW API for 24 hours
• try logging in to MyBMW website (or reset password if that doesn't work - but only after 24 hours)

If you after 24 hours cannot access your account via app/website, either wait even longer or call BMW support.

Please keep in mind that this is an unofficial library that only reverse engineers to mobile app. So in no way approved/endorsed by BMW.

[Boguinhos]

Then I cannot help you except the what was written before:

• stop everything connecting to BMW API for 24 hours
• try logging in to MyBMW website (or reset password if that doesn't work - but only after 24 hours)

If you after 24 hours cannot access your account via app/website, either wait even longer or call BMW support.

Please keep in mind that this is an unofficial library that only reverse engineers to mobile app. So in no way approved/endorsed by BMW.

Thank you.

[Boguinhos]

Ok, i'm now able to login on the APP again but CLI still give the:
MyBMWAuthError due to HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)
MyBMWAuthError: HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)

Using 0.17.1 (rest_of_world) and the captcha token from rest of world.

[DCarlson12]

Also getting the captcha error since 19 hours ago. Have not logged out or logged into the account from anywhere to prompt credentials expiring

[rikroe]

@Boguinhos glad to hear! If using the captcha token, please make sure that everything is entered correctly - it is a bit finnicky. Please make double sure you have entered it correctly (with a very recent token).
I'm currently still working out how this entry can be improved.

@DCarlson12 yes, you have to use a captcha. BMW sometimes seems to kick people off and then you have to re-login again. If using the CLI, please follow the documentation (see #671). If you're a Home Assistant user, please see the issue thread there (it still requires review by the HA core team).

[Boguinhos]

After watching your code i noticed that you have a america region captcha key, a "-" region that i assume that is for testing but none for rest_of_world.
Is this supposed to be? Sorry if i say something stupid but i was just trying to understand but 0 experience on captcha. Tried to find the captcha key but it was never requested again on my browsers.

[rikroe]

The _ is just a dummy value and should be removed by now as we're not using it at all.
The only parts where the actual keys are stored is in the HTML inside the docs folder.