Is there anybody who knows how to get the last version of Somfy?
I believe it was version 1.6.5 then Adrian has got time to sort out that api polling problem and we are not going to be banned.
1 Like
Yep I have the same email.
At first I thought it was due to my constant login in and out while testing but as you have all got it as well then that is obviously not the case.
I presume the timing must be a coincidence as the fundamental operation of using GET /setup is the same as it has always been. I have changed the network engine but what it sends and receives is still the same.
I know Somfy have been trying to restrict access via their API for at least a year now and the latest changes to use OAuth login is one of their measures to block third party apps.
As they mention specifically the use of GET /setup I will of course investigate an alternative method of getting the data immediately and update the app ASAP.
The only thing that worries me is that the alternative is to request the data for each device individually and I feel that will put an even bigger burden on their servers.
Edit: Interesting that someone on 1.5.4 has also left a review saying they have received the email as well. At least I know for sure now that itâs not something I did.
I assume that there was not change in the load recently, they probably did some audit recently. Do I understand that the problem is that our app is constantly logging in to keep the connection with homey or that i have so many flows during the day run?
Its a shame that these big guys do not understand that the implementations everywhere of IoT moves forward and that they shall keep up with the trends. They do oposite and not only Somfy.
Correct, I received the warning and I was on 1.5.3 (or was it 1.5.4). Just updated to the latest version.
Seams like a real issue here. I also got the same e-mail.
Hopefully the app is updates before they ban us from connectionâŚ
ââŚor update your code by October 31st.â
Hopefully something can be done by end of OctoberâŚ
Same mail. And on fw 4.2
Can we - Homey + Connexoon/Tahoma owners - in some way collaborate to ease Somfy a bit? Perhaps even mobilise Athom.
1 Like
I think somfy have to make it possible to communicate with tahoma without internet connection.
I do not quite understand the problem that Somfy has, meaning the technical one they claim, not the commercial one (of course they want to lock in customers and lock out 3rd parties). If I have a Homey flow that tests a number of screens if they are up or down before sending a command to open or close, all on my local network, why are their servers overloaded? Are they monitoring all local signals sent via my Connexoon on their servers? Then they should stop that anyway!
Well itâs even stranger that people got the mail, while not using the homey app. They only have the app installed. So it seems there is an unnecessary load somewhere
1 Like
It would be great if Homey could talk direct to the hub instead of going through the internet. Then no load on the Somfy servers, no issue with internet outages.
I did ask Somfy a few years back if they had plans for that and the answer then was a solid no. I really donât understand that sort of thinking as surely it can only add to the appeal.
I suspect that user of other home automation systems have also received the same email as the ones that have public code use the same underlying method of using the \setup endpoint. I know because I have been doing a lot of searching in the last week to try and find solutions to the login issues that some users are experiencing.
But, even if all such users emailed Somfy support and threatened to boycott Somfy I doubt it would worry them. There are currently just under 2000 users of the Homey - Tahoma app so that is probably insignificant to a company like Somfy.
Anyway on a more positive note:
I have now discovered other endpoints that are more targeted that I can switch to. It will mean a restructure of the app as currently it gets a big lump of data from Somfy and then passes that to each device so it can pick out what it wants.
The new system will require each device to request the specific information it wants from Somfy. This will mean sending more request to Somfy but receiving a lot less data.
As the email specifically mentions the \setup endpoint as being the issue I am hopeful this will be satisfactory.
Edit:
I do not quite understand the problem that Somfy has, meaning the technical one they claim, not the commercial one (of course they want to lock in customers and lock out 3rd parties). If I have a Homey flow that tests a number of screens if they are up or down before sending a command to open or close, all on my local network, why are their servers overloaded? Are they monitoring all local signals sent via my Connexoon on their servers? Then they should stop that anyway!
The only way to communicate with your hub is via the internet. It is not possible to talk directly to the box. So the app has to ask their internet server for the information and then send the commands to control a device to their internet servers. Your box only talks to a secure endpoint on their servers and sends status updates to it and gets commands from it.
4 Likes
Sounds promising. Hopefully they wonât send another email in a later stage when they audit/monitor the new endpoint requests 
But can you explain why people got the email, while not using the app? Could it be that the app constantly logs in? Or is that unrelated?
The app constantly poles the Somfy server for information so it can update the device status in order to display and trigger flows. Homey apps have no way to know if a device is being looked at by a user so it has to update all devices just in case.
So it depends on what they mean by ânot using the appâ. Just having the app installed means it is polling in the background. On the latest test version I have made a change so it will not be polling if the user is not logged in (no user name or password).
1 Like
Thanks for the explanation. So theoretically the best way is to find a way to cut out the hub and talk to the sensors/actuators directly. That would increase privacy and make Somfy happy (not). 
Edit: on second thought, maybe the Somfy solution offers better privacy. They only can see if my shutters are up or down. The alternative solution to control by local communication would require the Somfy app to access my home network, where there is a lot more interesting information. (And yes I still trust Homey)
For RTS devices that is just a matter of installing the Homey Somfy RTS app.
Unfortunately the IO devices are much more difficult. The IO protocol is very secure and a closed system. It requires special hardware as well as firmware that is a well guarded secret.
Therefore âtheoreticallyâ. Just being âsarcasticâ (about Somfy of course).
1 Like
Are other platform users (Home Assistant, Fibaro / Homee et cetera) also been notified / affected?
Iâm not sure. I havenât had time to search the web yet to see if others have reported it.
Yes home assistant users for sure, they even refer to this forum as well and I saw a github url.
1 Like
Hi ! Iâm the maintener of the Somfy component for Home Assistant. This last uses the official API (with oauth). And even here some users receive this famous email. The component only perform one call every 30 seconds to update all the devices and this is not the setup entry point.
I plan to contact their support tomorrow to understand the situation. Usually they answer me pretty quickly.
@Adrian_Rockall if you want I can add you in Cc if you are OK to share by PM your mail.
If you Know also mainteners of other Somfy integration with the same issue, I will be glad to add them.
7 Likes
