Homey Community Forum

[Unsupported] Homey v2 REST API

Just noticed I didn’t mention the http headers.
These are the ones I use in all calls:

  • “Connection: keep-alive”
  • “Accept-Language: en-us”
  • “Accept-Encoding: br, gzip, deflate”
  • “Origin: anyname://authorize”
  • “Referer: anyname://authorize”
  • “User-Agent: Anyname/1.0”
    Add this header if you post form data: “Content-Type: application/x-www-form-urlencoded”
    And this header if you send JSON in the body: Content-Type: application/json
    Notice, I used a fake application url scheme for Origin and Referer.
1 Like

In what context do you use this authentication method, @Lammy? CLI/Web Page/Server Side API? If you are using JavaScript, could you share your code with us/me?

It is C/C++ code, running on armgnulinux. Too much to post it all here, but here is for example the function for step 1 (indentation is lost).


bool athomLogin(std::string email, std::string passw, std::string &jwt)
const char *headers =
“Accept: application/json\r\n”
“Accept-Language: en-us\r\n”
“Connection: keep-alive\r\n”
“Accept-Encoding: br, gzip, deflate\r\n”
“Origin: domos://authorize\r\n”
“Referer: domos://authorize\r\n”
“Content-Type: application/x-www-form-urlencoded\r\n”
bool res = false;
size_t sz = 512;
char buffer[sz], payload[sz];
https_handle_t hnd = httpsCreateHandle(“accounts.athom.com”, 443, headers);
sprintf(payload, “email=%s&password=%s”, urlencode(email).c_str(), urlencode(passw).c_str());
headers_t ret_headers;
if (200 == https(hnd, “”, “POST”, “/login”, payload, strlen(payload), buffer, &sz, &ret_headers))
//for (size_t i = 0; i < ret_headers.size(); i++)
// printf("%s\n", ret_headers[i].c_str());
json reply = json::parse(buffer);
//printf("%s\n", reply.dump(2).c_str());
jwt = reply[“token”];
res = true;
return res;


A great topic and I loved to see two methods explained for retrieving the bearer.
Unfortunate I was not able to retrieve the bearer in the last part on both methods.

I used the following curl command
curl -d {“token”:“XXXXXXX”} -H ‘Content Type: application/json’ -XPOST
–> The result was: curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure


curl -d {“token”:“XXXXXXX”} -H ‘Content Type: application/json’ -XPOST https://YYYYYYY/api/manager/users/login
–>The result was nothing, not response at all. I needed to kill the process with ^C.

All earlier steps we executed well, I was able to find the right JWT token (XXX) generated and I’m pretty sure I have the right Cloud_ID (YYYY) aswell.

Can someone shine a little light on a solution direction?

I saw a small mistake in the header in the commands, after I changed them both it resulted in the curl (35) error with and SSLv3 handshake failure. Any thought on what could cause the problem?

You can’t use https in combination with the IP-address directly, you’ll need to use https://192-168-1-17.homey.homeylocal.com

Thanks for your response. I altered the curl command in :
curl -H ‘content-type: application/json’ -d {“token”:“xxxx”} -X POST “https://192-168-1-17.homey.homeylocal.com

Just to be sure, I created a new JWT token in xxxx

This is the response from Homey in HTML format:

Cannot POST /

Any guidance?

Sorry for the confusion, you still need to add /api/manager/users/login after the scheme and hostname in the URL:

I altered the curl command as follows:
curl -H ‘content-type: application/json’ -d {“token”:“xxxxxxx”} -X POST “https://192-168-1-17.homey.homeylocal.com/api/manager/users/login

This is the response:
{“code”:400,“error”:“invalid_json”,“error_description”:“An unkown error has occured [invalid_json]”}

It should (probably, I don’t know how this API works) be this:

curl -H 'content-type: application/json' -d '{"token":"xxxxxxx"}' -X POST "https://192-168-1-17.homey.homeylocal.com/api/manager/users/login"

Note that I’m using simple quote and double-quote characters, not “smart quote” characters.

Thanks, it worked. Really appreciated your help, now let’s see how to build this in a nice javascript runtime environment.

Hi, can someone please show me/us some fully code how to use these RestAPI’s?
How do to the auth?

Can someone please share his examples?
Thank you so much.

Sorry to ask again here, can someone please show me how to use the REST API ?
How to login using the curl?

Thank you


I’ve created a very basic, very small, working (javascript) example and put it on GitHub:

Feel free to fork/clone and reuse.

There is also a readme.md on how to get things working.

I’ve used it myself to create an alternate dashboard (with temperatures from all of my temperature-sensors) and 1 graph of the temperatures of the latest 24 hours (in one graph so more user-friendly then insights)

Credits to homey.ink and robertklep for the examples / steps.


Did you change your client_id and client_secret on GitHub?
Ok hope so!