HOW TO GET BEARER TOKEN IN HOMEY PRO 2016/2019
1) Create this homeyscript:
const email = 'your_mail';
const password = 'your_password';
const client_id = '5a8d4ca6eb9f7a2c9d6ccf6d';
const client_secret = 'e3ace394af9f615857ceaa61b053f966ddcfb12a';
const redirect_url = 'http://localhost';
const cloudid = 'your_cloudid';
const between = function(str, strf, strt) {
return str.split(strf).pop().split(strt)[0].trim();
}
const authurl = 'https://accounts.athom.com/login';
const response2 = await fetch(authurl, {
'headers': {
'accept': 'application/json, text/javascript, */*; q=0.01',
'content-type': 'application/x-www-form-urlencoded; charset=UTF-8'
},
'referrerPolicy': 'no-referrer-when-downgrade',
'body': 'email='+ encodeURIComponent(email) +'&password='+ encodeURIComponent(password) +'&otptoken=',
'method': 'POST',
'mode': 'cors',
'credentials': 'omit'
});
const body2 = await response2.text();
const token = JSON.parse(body2);
const authorizeurl = 'https://accounts.athom.com/oauth2/authorise?client_id='+ client_id +'&redirect_uri='+ encodeURIComponent(redirect_url) +'&response_type=code&user_token='+ token.token;
const response3 = await fetch(authorizeurl, {
'headers': {
},
'method': 'GET',
'mode': 'cors',
'credentials': 'include'
});
const body3 = await response3.text();
let csrf = between(body3, 'name="_csrf" value="', '">');
let raw = response3.headers.raw()['set-cookie'];
let cookiecsrf = null;
raw.forEach(el => {
let dc = el.split('=');
if (dc[0] === '_csrf') cookiecsrf = dc[1];
});
let cookie4 = '_csrf=' + cookiecsrf;
let authorizeurl2 = 'https://accounts.athom.com/authorise?client_id='+ client_id +'&redirect_uri='+ encodeURIComponent(redirect_url) +'&response_type=code&user_token='+ token.token;
const response4 = await fetch(authorizeurl2, {
'headers': {
'content-type': 'application/x-www-form-urlencoded',
'cookie': cookie4
},
'redirect': 'manual',
'body': 'resource=resource.homey.'+ cloudid +'&_csrf='+ csrf +'&allow=Allow',
'method': 'POST',
'mode': 'cors',
'credentials': 'include'
});
const body4 = await response4.text();
let code = response4.headers.get('location').split('=')[1];
let tokenendpoint = 'https://api.athom.com/oauth2/token';
const response5 = await fetch(tokenendpoint, {
'headers': {
'content-type': 'application/x-www-form-urlencoded'
},
'body': 'client_id='+ encodeURIComponent(client_id) +'&client_secret='+ encodeURIComponent(client_secret) + '&grant_type=authorization_code&code='+ encodeURIComponent(code),
'method': 'POST',
'mode': 'cors',
'credentials': 'include'
});
const body5 = await response5.text();
let accesstoken = JSON.parse(body5);
let delegationEndpoint = 'https://api.athom.com/delegation/token?audience=homey';
const response6 = await fetch(delegationEndpoint, {
'headers': {
'content-type': 'application/x-www-form-urlencoded',
'authorization': 'Bearer '+ accesstoken.access_token
},
'referrerPolicy': 'no-referrer-when-downgrade',
'body': 'client_id='+ client_id +' &client_secret='+ client_secret +'&grant_type=refresh_token&refresh_token='+ accesstoken.refresh_token,
'method': 'POST',
'mode': 'cors',
'credentials': 'include'
});
const body6 = await response6.json();
let endpoint7 = 'https://'+ cloudid +'.connect.athom.com/api/manager/users/login';
const response7 = await fetch(endpoint7, {
'headers': {
'content-type': 'application/json'
},
'body': JSON.stringify({ 'token': body6 }),
'method': 'POST'
});
const body7 = await response7.json()
await tag('access_token', '{ "token": "'+ body7 +'"}');
return true;
This homeyscript estract the bearer token and put it into a tag
2) Create a flow with call the homeyscript every day and put the token into a global variable
https://homey.app/it-it/flow/n-F3VR/
3) Create a flow for send the token in a local url (Is needed this app)
https://homey.app/it-it/flow/l6V3VR/
4) Test the result
If your homey ip is 192.168.1.110 and in Local API you have set port 8066,
the result is a link like this http://192.168.1.110:8066/token that return a json
NOTE: client_id and client_secret are a test user, it can’t full access homey (here it is explained why insights don’t work)
