Homey
Search…
Getting a bearer token
Getting an Athom Homey bearer token is not straight forward
The following guide, describes a setup that automatically fetches an updated bearer token for usage with your homey API. It consists of two main parts:
    A homeyscript that returns an updated bearer token as a return tag value
    An example flow that runs the homeyscript regularly and stores an updated bearer token in a logic variable

The homeyscript

First you need to update the configuration section to your homey.
1
// -------- o - Configure these parameters -------- o -------- o
2
let email = '[email protected]'
3
let password = 'skdjhf987s8d76fsd'
4
let client_id = 's8d67chdg36d8d6f6d'
5
let client_secret = 'dsdfghjkdfjghkdfjhgkdfjhgkdfjhgkdfjhgkfd'
6
let redirect_url = 'http://localhost'
7
let cloudid = '8sd76f87sd6f876sd8f76sd'
8
// -------- o -------- o -------- o -------- o -------- o
9
10
const between = function(str, strf, strt) {
11
return str.split(strf).pop().split(strt)[0].trim();
12
}
13
14
const authurl = 'https://accounts.athom.com/login'
15
console.log("POST authentication " + authurl)
16
const response2 = await fetch(authurl, {
17
"headers": {
18
"accept": "application/json, text/javascript, */*; q=0.01",
19
"content-type": "application/x-www-form-urlencoded; charset=UTF-8",
20
},
21
"referrerPolicy": "no-referrer-when-downgrade",
22
"body": 'email=' +encodeURIComponent(email) + '&password=' + encodeURIComponent(password) + '&otptoken=',
23
"method": "POST",
24
"mode": "cors",
25
"credentials": "omit"
26
})
27
const body2 = await response2.text()
28
const token = JSON.parse(body2)
29
30
const authorizeurl = 'https://accounts.athom.com/oauth2/authorise?client_id=' + client_id +
31
'&redirect_uri=' + encodeURIComponent(redirect_url) + '&response_type=code&user_token=' + token.token
32
33
34
console.log(" Response from accounts.athom.com/login ", body2)
35
console.log("GET Authorization " + authorizeurl)
36
37
const response3 = await fetch(authorizeurl, {
38
"headers": {
39
},
40
"method": "GET",
41
"mode": "cors",
42
"credentials": "include"
43
})
44
const body3 = await response3.text()
45
let csrf = between(body3, 'name="_csrf" value="', '">')
46
47
48
49
let raw = response3.headers.raw()['set-cookie']
50
let rawd = raw[0].split(';')
51
let cookiecsrf = null
52
rawd.forEach(el => {
53
let dc = el.split('=')
54
if (dc[0] === '_csrf') {
55
cookiecsrf = dc[1]
56
}
57
})
58
59
let cookie4 = '_csrf=' + cookiecsrf
60
// console.log("Cookie4", cookie4)
61
console.log(" CSRF input parameter", csrf)
62
console.log(" CSRF cookie", cookiecsrf)
63
64
let authorizeurl2 = 'https://accounts.athom.com/authorise?client_id=' + client_id + '&redirect_uri=' + encodeURIComponent(redirect_url) + '&response_type=code&user_token=' + token.token
65
console.log("GET Authorization", authorizeurl2)
66
const response4 = await fetch(authorizeurl2, {
67
"headers": {
68
"content-type": "application/x-www-form-urlencoded",
69
"cookie": cookie4
70
},
71
"redirect": "manual",
72
"body": "resource=resource.homey." + cloudid + "&_csrf=" + csrf + "&allow=Allow",
73
"method": "POST",
74
"mode": "cors",
75
"credentials": "include"
76
});
77
78
const body4 = await response4.text()
79
let code = response4.headers['_headers'].location[0].split('=')[1]
80
81
console.log(" Response from authorization. Redirect to ", response4.headers['_headers'].location[0])
82
console.log(" Response content ", body4)
83
console.log(" Parsed the following code ", code)
84
85
86
87
let tokenendpoint = 'https://api.athom.com/oauth2/token'
88
console.log("POST token (resolve code to token) " + tokenendpoint)
89
const response5 = await fetch(tokenendpoint, {
90
"headers": {
91
"content-type": "application/x-www-form-urlencoded",
92
},
93
"body": 'client_id=' + encodeURIComponent(client_id) + '&client_secret=' + encodeURIComponent(client_secret) +
94
'&grant_type=authorization_code&code=' + encodeURIComponent(code),
95
"method": "POST",
96
"mode": "cors",
97
"credentials": "include"
98
});
99
100
101
//console.log("Response5", response5)
102
const body5 = await response5.text()
103
let accesstoken = JSON.parse(body5)
104
105
106
107
108
109
let delegationEndpoint = 'https://api.athom.com/delegation/token?audience=homey'
110
const response6 = await fetch(delegationEndpoint, {
111
"headers": {
112
"content-type": "application/x-www-form-urlencoded",
113
"authorization": "Bearer " + accesstoken.access_token
114
},
115
"referrerPolicy": "no-referrer-when-downgrade",
116
"body": "client_id=" + client_id + " &client_secret=" + client_secret + "&grant_type=refresh_token&refresh_token=" + accesstoken.refresh_token,
117
"method": "POST",
118
"mode": "cors",
119
"credentials": "include"
120
});
121
122
123
124
const body6 = await response6.json()
125
console.log(" JWT token is " + body6)
126
127
let endpoint7 = 'https://' + cloudid + '.connect.athom.com/api/manager/users/login'
128
console.log("POST login endpoint " + endpoint7)
129
const response7 = await fetch(endpoint7, {
130
"headers": {
131
"content-type": "application/json",
132
//"authorization": "Bearer " + accesstoken.access_token
133
},
134
"body": JSON.stringify({"token": body6}),
135
"method": "POST"
136
});
137
138
const body7 = await response7.json()
139
console.log(" Response status " + response7.status)
140
console.log(" Response: " + body7)
141
142
await setTagValue("accesstoken", {type: 'string', title:'Access token'}, body7)
143
return true
Copied!

Updating a logic variable

Run the homeyscript above regularly to update an logic variable using the flow below.

Using the bearer token with the API

Here is an example using the Homey API with the bearer token:
1
// -------- o - Configure these parameters -------- o -------- o
2
let cloudid = 'sd87f68ds76f87sd6f8sd76f'
3
// -------- o -------- o -------- o -------- o -------- o
4
5
let variables = await Homey.logic.getVariables()
6
let getVar = (name) => {
7
let x = _.find(variables, (val, key) => {return (val.name === name) })
8
if (typeof x === 'undefined') throw new Error("Could not find variable [" + name + "]")
9
return x
10
}
11
let accesstoken = getVar('accesstoken').value
12
console.log("Access token is " + accesstoken)
13
let baseapi = 'https://' + cloudid + '.connect.athom.com/api/'
14
let apiendpoint = baseapi + 'manager/devices/device/'
15
console.log("GET " + apiendpoint)
16
const response = await fetch(apiendpoint, {
17
"headers": {
18
"accept": "application/json",
19
"Authorization": "Bearer " + accesstoken
20
},
21
"method": "GET"
22
});
23
console.log(" Response status " + response.status + " " + response.statusText)
24
const responseBody = await response.text()
25
const data = JSON.parse(responseBody)
26
console.log(" Result ", data)
27
Copied!

Homey API reference

Thanks to Johan Bendz for providing a list of API endpoints: https://github.com/JohanBendz/Homey-Endpoints/blob/master/Homey-REST-endpoints
The base URL is:
1
https://<cloudid>.connect.athom.com/api/
Copied!
Use the bearer token to make an authorized call:
1
GET /api/manager/sessions/session/ HTTP/1.1
2
Host: <cloudid>.connect.athom.com
3
Authorization: Bearer <ACCESS TOKEN>
Copied!
1
# Alarms
2
GET /api/manager/alarms/alarm/
3
4
# Apps
5
GET /api/manager/apps/app/
6
GET /api/manager/apps/app/<APP_ID>/ (eg. com.fibaro)
7
8
# Cloud state
9
GET /api/manager/cloud/state/
10
11
# Devices
12
GET /api/manager/devices/device/
13
GET /api/manager/devices/device/<DEVICE_ID>/
14
15
# Drivers
16
GET /api/manager/devices/drivers/
17
GET /api/manager/drivers/pairsession/
18
19
# Experiments
20
GET /api/manager/experiments/experiment/
21
22
# Flow
23
GET /api/manager/flow/flow/
24
GET /api/manager/flow/flow/<FLOW_ID>/
25
26
# Flow folders
27
GET /api/manager/flow/flowfolder/
28
29
# Flow tokens
30
GET /api/manager/flowtoken/flowtoken/
31
32
# Images
33
GET /api/manager/images/image/
34
35
# Insights
36
GET /api/manager/insights/log/
37
38
# Language and unit settings
39
GET /api/manager/i18n/
40
41
# LED ring
42
GET /api/manager/ledring/screensaver/
43
GET /api/manager/ledring/state/
44
45
# Location
46
GET /api/manager/geolocation/
47
48
# Logic
49
GET /api/logic/variable/
50
GET /api/logic/variable/<VARIABLE_ID>/
51
PUT { "value": value } TO /api/manager/logic/variable/<VARIABLE_ID>/
52
53
# Mobile
54
GET /api/manager/mobile/
55
56
# Notifications
57
GET /api/manager/notifications/notification/
58
GET /api/manager/notifications/owner/
59
60
# Presence
61
GET /api/manager/presence/
62
63
# Reminders
64
GET /api/manager/reminder/reminder/
65
66
# Sessions
67
GET /api/manager/sessions/session/
68
69
# Switch on:
70
PUT { "value": true } TO /api/manager/devices/device/<DEVICE_ID>/capability/onoff/
71
72
# Switch off:
73
PUT { "value": false } TO /api/manager/devices/device/<DEVICE_ID>/capability/onoff/
74
75
# System
76
GET https://<HOMEY_IP>/api/manager/system/
77
78
# System Reboot // Use with caution!
79
POST https://<HOMEY_IP>/api/manager/system/reboot/
80
81
# Users
82
GET /api/manager/users/user/
83
GET /api/manager/users/user/<USER_ID>/
84
GET /api/manager/users/state/
85
86
# Weather
87
GET /api/manager/weather/weather/
88
89
# Zigbee
90
GET /api/manager/zigbee/state/
91
92
# Z-Wave
93
GET /api/manager/zwave/state/
94
GET /api/manager/zwave/log/
95
POST /api/manager/zwave/command/
96
- heal: payload {command: "heal", opts: {nodeId: <NODE_ID>}}
97
- test: payload {command: "sendData", opts: "<NODE_ID>,0x20,0x00"}
98
99
# Zones
100
GET /api/manager/zones/
101
GET /api/manager/zones/<ZONE_ID>/
Copied!
Last modified 1yr ago