Getting a bearer token
Getting an Athom Homey bearer token is not straight forward
The following guide, describes a setup that automatically fetches an updated bearer token for usage with your homey API. It consists of two main parts:
A homeyscript that returns an updated bearer token as a return tag value
An example flow that runs the homeyscript regularly and stores an updated bearer token in a logic variable
First you need to update the configuration section to your homey.
The
emailandpasswordis your Homey account.A
client_idandclient_secretcan be found at http://developer.athom.com/api/projects​The
redirect_urlcan stay untouchedYour
cloudidcan be found here: http://developer.athom.com/tools/system​
// -------- o - Configure these parameters -------- o -------- olet email = 'xxxxx@gmail.com'let password = 'skdjhf987s8d76fsd'let client_id = 's8d67chdg36d8d6f6d'let client_secret = 'dsdfghjkdfjghkdfjhgkdfjhgkdfjhgkdfjhgkfd'let redirect_url = 'http://localhost'let cloudid = '8sd76f87sd6f876sd8f76sd'// -------- o -------- o -------- o -------- o -------- o​const between = function(str, strf, strt) {return str.split(strf).pop().split(strt)[0].trim();}​const authurl = 'https://accounts.athom.com/login'console.log("POST authentication " + authurl)const response2 = await fetch(authurl, {"headers": {"accept": "application/json, text/javascript, */*; q=0.01","content-type": "application/x-www-form-urlencoded; charset=UTF-8",},"referrerPolicy": "no-referrer-when-downgrade","body": 'email=' +encodeURIComponent(email) + '&password=' + encodeURIComponent(password) + '&otptoken=',"method": "POST","mode": "cors","credentials": "omit"})const body2 = await response2.text()const token = JSON.parse(body2)​const authorizeurl = 'https://accounts.athom.com/oauth2/authorise?client_id=' + client_id +'&redirect_uri=' + encodeURIComponent(redirect_url) + '&response_type=code&user_token=' + token.token​​console.log(" Response from accounts.athom.com/login ", body2)console.log("GET Authorization " + authorizeurl)​const response3 = await fetch(authorizeurl, {"headers": {},"method": "GET","mode": "cors","credentials": "include"})const body3 = await response3.text()let csrf = between(body3, 'name="_csrf" value="', '">')​​​let raw = response3.headers.raw()['set-cookie']let rawd = raw[0].split(';')let cookiecsrf = nullrawd.forEach(el => {let dc = el.split('=')if (dc[0] === '_csrf') {cookiecsrf = dc[1]}})​let cookie4 = '_csrf=' + cookiecsrf// console.log("Cookie4", cookie4)console.log(" CSRF input parameter", csrf)console.log(" CSRF cookie", cookiecsrf)​let authorizeurl2 = 'https://accounts.athom.com/authorise?client_id=' + client_id + '&redirect_uri=' + encodeURIComponent(redirect_url) + '&response_type=code&user_token=' + token.tokenconsole.log("GET Authorization", authorizeurl2)const response4 = await fetch(authorizeurl2, {"headers": {"content-type": "application/x-www-form-urlencoded","cookie": cookie4},"redirect": "manual","body": "resource=resource.homey." + cloudid + "&_csrf=" + csrf + "&allow=Allow","method": "POST","mode": "cors","credentials": "include"});​const body4 = await response4.text()let code = response4.headers['_headers'].location[0].split('=')[1]​console.log(" Response from authorization. Redirect to ", response4.headers['_headers'].location[0])console.log(" Response content ", body4)console.log(" Parsed the following code ", code)​​​let tokenendpoint = 'https://api.athom.com/oauth2/token'console.log("POST token (resolve code to token) " + tokenendpoint)const response5 = await fetch(tokenendpoint, {"headers": {"content-type": "application/x-www-form-urlencoded",},"body": 'client_id=' + encodeURIComponent(client_id) + '&client_secret=' + encodeURIComponent(client_secret) +'&grant_type=authorization_code&code=' + encodeURIComponent(code),"method": "POST","mode": "cors","credentials": "include"});​​//console.log("Response5", response5)const body5 = await response5.text()let accesstoken = JSON.parse(body5)​​​​​let delegationEndpoint = 'https://api.athom.com/delegation/token?audience=homey'const response6 = await fetch(delegationEndpoint, {"headers": {"content-type": "application/x-www-form-urlencoded","authorization": "Bearer " + accesstoken.access_token},"referrerPolicy": "no-referrer-when-downgrade","body": "client_id=" + client_id + " &client_secret=" + client_secret + "&grant_type=refresh_token&refresh_token=" + accesstoken.refresh_token,"method": "POST","mode": "cors","credentials": "include"});​​​const body6 = await response6.json()console.log(" JWT token is " + body6)​let endpoint7 = 'https://' + cloudid + '.connect.athom.com/api/manager/users/login'console.log("POST login endpoint " + endpoint7)const response7 = await fetch(endpoint7, {"headers": {"content-type": "application/json",//"authorization": "Bearer " + accesstoken.access_token},"body": JSON.stringify({"token": body6}),"method": "POST"});​const body7 = await response7.json()console.log(" Response status " + response7.status)console.log(" Response: " + body7)​await setTagValue("accesstoken", {type: 'string', title:'Access token'}, body7)return true
Run the homeyscript above regularly to update an logic variable using the flow below.
Here is an example using the Homey API with the bearer token:
// -------- o - Configure these parameters -------- o -------- olet cloudid = 'sd87f68ds76f87sd6f8sd76f'// -------- o -------- o -------- o -------- o -------- o​let variables = await Homey.logic.getVariables()let getVar = (name) => {let x = _.find(variables, (val, key) => {return (val.name === name) })if (typeof x === 'undefined') throw new Error("Could not find variable [" + name + "]")return x}let accesstoken = getVar('accesstoken').valueconsole.log("Access token is " + accesstoken)let baseapi = 'https://' + cloudid + '.connect.athom.com/api/'let apiendpoint = baseapi + 'manager/devices/device/'console.log("GET " + apiendpoint)const response = await fetch(apiendpoint, {"headers": {"accept": "application/json","Authorization": "Bearer " + accesstoken},"method": "GET"});console.log(" Response status " + response.status + " " + response.statusText)const responseBody = await response.text()const data = JSON.parse(responseBody)console.log(" Result ", data)​
Thanks to Johan Bendz for providing a list of API endpoints: https://github.com/JohanBendz/Homey-Endpoints/blob/master/Homey-REST-endpoints​
The base URL is:
https://<cloudid>.connect.athom.com/api/
​https://apps.developer.athom.com/tutorial-Web Api.html​
Use the bearer token to make an authorized call:
GET /api/manager/sessions/session/ HTTP/1.1Host: <cloudid>.connect.athom.comAuthorization: Bearer <ACCESS TOKEN>
# AlarmsGET /api/manager/alarms/alarm/​# AppsGET /api/manager/apps/app/GET /api/manager/apps/app/<APP_ID>/ (eg. com.fibaro)​# Cloud stateGET /api/manager/cloud/state/​# DevicesGET /api/manager/devices/device/GET /api/manager/devices/device/<DEVICE_ID>/​# DriversGET /api/manager/devices/drivers/GET /api/manager/drivers/pairsession/​# ExperimentsGET /api/manager/experiments/experiment/​# FlowGET /api/manager/flow/flow/GET /api/manager/flow/flow/<FLOW_ID>/​# Flow foldersGET /api/manager/flow/flowfolder/​# Flow tokensGET /api/manager/flowtoken/flowtoken/​# ImagesGET /api/manager/images/image/​# InsightsGET /api/manager/insights/log/​# Language and unit settingsGET /api/manager/i18n/​# LED ringGET /api/manager/ledring/screensaver/GET /api/manager/ledring/state/​# LocationGET /api/manager/geolocation/​# LogicGET /api/logic/variable/GET /api/logic/variable/<VARIABLE_ID>/PUT { "value": value } TO /api/manager/logic/variable/<VARIABLE_ID>/​# MobileGET /api/manager/mobile/​# NotificationsGET /api/manager/notifications/notification/GET /api/manager/notifications/owner/​# PresenceGET /api/manager/presence/​# RemindersGET /api/manager/reminder/reminder/​# SessionsGET /api/manager/sessions/session/​# Switch on:PUT { "value": true } TO /api/manager/devices/device/<DEVICE_ID>/capability/onoff/​# Switch off:PUT { "value": false } TO /api/manager/devices/device/<DEVICE_ID>/capability/onoff/​# SystemGET https://<HOMEY_IP>/api/manager/system/​# System Reboot // Use with caution!POST https://<HOMEY_IP>/api/manager/system/reboot/​# UsersGET /api/manager/users/user/GET /api/manager/users/user/<USER_ID>/GET /api/manager/users/state/​# WeatherGET /api/manager/weather/weather/​# ZigbeeGET /api/manager/zigbee/state/​# Z-WaveGET /api/manager/zwave/state/GET /api/manager/zwave/log/POST /api/manager/zwave/command/- heal: payload {command: "heal", opts: {nodeId: <NODE_ID>}}- test: payload {command: "sendData", opts: "<NODE_ID>,0x20,0x00"}​# ZonesGET /api/manager/zones/GET /api/manager/zones/<ZONE_ID>/
Last updated 4 weeks ago