Homey Community Forum

[Unsupported] Homey v2 REST API

Just noticed I didn’t mention the http headers.
These are the ones I use in all calls:

  • “Connection: keep-alive”
  • “Accept-Language: en-us”
  • “Accept-Encoding: br, gzip, deflate”
  • “Origin: anyname://authorize”
  • “Referer: anyname://authorize”
  • “User-Agent: Anyname/1.0”
    Add this header if you post form data: “Content-Type: application/x-www-form-urlencoded”
    And this header if you send JSON in the body: Content-Type: application/json
    Notice, I used a fake application url scheme for Origin and Referer.
1 Like

In what context do you use this authentication method, @Lammy? CLI/Web Page/Server Side API? If you are using JavaScript, could you share your code with us/me?

It is C/C++ code, running on armgnulinux. Too much to post it all here, but here is for example the function for step 1 (indentation is lost).

athomLogin

bool athomLogin(std::string email, std::string passw, std::string &jwt)
{
const char *headers =
“Accept: application/json\r\n”
“Accept-Language: en-us\r\n”
“Connection: keep-alive\r\n”
“Accept-Encoding: br, gzip, deflate\r\n”
“Origin: domos://authorize\r\n”
“Referer: domos://authorize\r\n”
“Content-Type: application/x-www-form-urlencoded\r\n”
“”;
bool res = false;
size_t sz = 512;
char buffer[sz], payload[sz];
https_handle_t hnd = httpsCreateHandle(“accounts.athom.com”, 443, headers);
sprintf(payload, “email=%s&password=%s”, urlencode(email).c_str(), urlencode(passw).c_str());
headers_t ret_headers;
if (200 == https(hnd, “”, “POST”, “/login”, payload, strlen(payload), buffer, &sz, &ret_headers))
{
//for (size_t i = 0; i < ret_headers.size(); i++)
//{
// printf("%s\n", ret_headers[i].c_str());
//}
json reply = json::parse(buffer);
//printf("%s\n", reply.dump(2).c_str());
jwt = reply[“token”];
res = true;
}
httpsDestroyHandle(hnd);
return res;
}

2 Likes

A great topic and I loved to see two methods explained for retrieving the bearer.
Unfortunate I was not able to retrieve the bearer in the last part on both methods.

I used the following curl command
curl -d {“token”:“XXXXXXX”} -H ‘Content Type: application/json’ -XPOST https://192.168.1.17/api/manager/users/login
–> The result was: curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

and

curl -d {“token”:“XXXXXXX”} -H ‘Content Type: application/json’ -XPOST https://YYYYYYY/api/manager/users/login
–>The result was nothing, not response at all. I needed to kill the process with ^C.

All earlier steps we executed well, I was able to find the right JWT token (XXX) generated and I’m pretty sure I have the right Cloud_ID (YYYY) aswell.

Can someone shine a little light on a solution direction?

I saw a small mistake in the header in the commands, after I changed them both it resulted in the curl (35) error with and SSLv3 handshake failure. Any thought on what could cause the problem?

You can’t use https in combination with the IP-address directly, you’ll need to use https://192-168-1-17.homey.homeylocal.com

Thanks for your response. I altered the curl command in :
curl -H ‘content-type: application/json’ -d {“token”:“xxxx”} -X POST “https://192-168-1-17.homey.homeylocal.com

Just to be sure, I created a new JWT token in xxxx

This is the response from Homey in HTML format:

Error
Cannot POST /

Any guidance?

Sorry for the confusion, you still need to add /api/manager/users/login after the scheme and hostname in the URL:
https://192-168-1-17.homey.homeylocal.com/api/manager/users/login

I altered the curl command as follows:
curl -H ‘content-type: application/json’ -d {“token”:“xxxxxxx”} -X POST “https://192-168-1-17.homey.homeylocal.com/api/manager/users/login

This is the response:
{“code”:400,“error”:“invalid_json”,“error_description”:“An unkown error has occured [invalid_json]”}

It should (probably, I don’t know how this API works) be this:

curl -H 'content-type: application/json' -d '{"token":"xxxxxxx"}' -X POST "https://192-168-1-17.homey.homeylocal.com/api/manager/users/login"

Note that I’m using simple quote and double-quote characters, not “smart quote” characters.

Thanks, it worked. Really appreciated your help, now let’s see how to build this in a nice javascript runtime environment.