Just noticed I didn’t mention the http headers.
These are the ones I use in all calls:
“Connection: keep-alive”
“Accept-Language: en-us”
“Accept-Encoding: br, gzip, deflate”
“Origin: anyname://authorize”
“Referer: anyname://authorize”
“User-Agent: Anyname/1.0”
Add this header if you post form data: “Content-Type: application/x-www-form-urlencoded”
And this header if you send JSON in the body: Content-Type: application/json
Notice, I used a fake application url scheme for Origin and Referer.
In what context do you use this authentication method, @Lammy? CLI/Web Page/Server Side API? If you are using JavaScript, could you share your code with us/me?
A great topic and I loved to see two methods explained for retrieving the bearer.
Unfortunate I was not able to retrieve the bearer in the last part on both methods.
I used the following curl command
curl -d {“token”:“XXXXXXX”} -H ‘Content Type: application/json’ -XPOST https://192.168.1.17/api/manager/users/login
–> The result was: curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
and
curl -d {“token”:“XXXXXXX”} -H ‘Content Type: application/json’ -XPOST https://YYYYYYY/api/manager/users/login
–>The result was nothing, not response at all. I needed to kill the process with ^C.
All earlier steps we executed well, I was able to find the right JWT token (XXX) generated and I’m pretty sure I have the right Cloud_ID (YYYY) aswell.
Can someone shine a little light on a solution direction?
I saw a small mistake in the header in the commands, after I changed them both it resulted in the curl (35) error with and SSLv3 handshake failure. Any thought on what could cause the problem?
Thanks for your response. I altered the curl command in :
curl -H ‘content-type: application/json’ -d {“token”:“xxxx”} -X POST “https://192-168-1-17.homey.homeylocal.com”
Just to be sure, I created a new JWT token in xxxx
Sorry for the confusion, you still need to add /api/manager/users/login after the scheme and hostname in the URL: https://192-168-1-17.homey.homeylocal.com/api/manager/users/login
I’ve created a very basic, very small, working (javascript) example and put it on GitHub:
Feel free to fork/clone and reuse.
There is also a readme.md on how to get things working.
I’ve used it myself to create an alternate dashboard (with temperatures from all of my temperature-sensors) and 1 graph of the temperatures of the latest 24 hours (in one graph so more user-friendly then insights)
Credits to homey.ink and robertklep for the examples / steps.
Homeyscript to regularly fetch a new valid bearer token for using the API
The following guide, describes a setup that automatically fetches an updated bearer token for usage with your homey API. It consists of two main parts:
A homeyscript that returns an updated bearer token as a return tag value
An example flow that runs the homeyscript regularly and stores an updated bearer token in a logic variable
I’ve only tested it for my own command. I’d be happy to learn if it works for others as well-