Announcement

Collapse
No announcement yet.

JSON credentials

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    JSON credentials

    The SDK, as an example, requires a status request to be in the following form:

    https://myhs.homeseer.com/getsystems...USER&pass=PASS

    It also says:

    For accessing a local system, the user/pass is not required, just use the IP address of the system like:

    http://IP_OF_SYSTEM/JSON?user=demo@h...uest=getstatus

    (which is weird, because the example "like" has credential info)


    I've been trying for hours to get a JSON command to work WITHOUT credentials, as it says above. I'm generating the JSON command from the local network, but it won't take a command without credentials. Are credentials now required even on local lan?

    #2
    Do you have "No Password Required for Local (same subnet) Login" under Setup -> Network enabled/checked?
    Len


    HomeSeer Version: HS3 Pro Edition 3.0.0.435
    Linux version: Linux homeseer Ubuntu 16.04 x86_64
    Number of Devices: 633
    Number of Events: 773

    Enabled Plug-Ins
    2.0.54.0: BLBackup
    2.0.40.0: BLLAN
    3.0.0.48: EasyTrigger
    30.0.0.36: RFXCOM
    3.0.6.2: SDJ-Health
    3.0.0.87: weatherXML
    3.0.1.190: Z-Wave

    Comment


      #3
      You can also try http://user:pass@LOCAL_IP/JSON?...

      Comment


        #4
        Thanks, but I already had "no password required..." checked.

        Dr McKay's recommendation actually works, but I have no idea why - undocumented?

        Comment


          #5
          It works because the local web interface (not MyHS) uses HTTP Basic authentication, and that's how you embed credentials into a URL for use with that.

          Comment


            #6
            "HTTP Basic Authenification" was the clue I needed.

            Found on the internet at
            https://developer.mozilla.org/en-US/...Authentication

            "Many clients also let you avoid the login prompt by using an encoded URL containing the username and the password like this:

            https://usernameassword@www.example.com/

            The use of these URLs is deprecated. In Chrome, the username​​​​​​​assword@ part in URLs is even stripped out for security reasons. In Firefox, it is checked if the site actually requires authentication and if not, Firefox will warn the user with a prompt"

            So I wonder how long this will work...

            Comment


              #7
              What are you using to consume the JSON response?

              Comment


                #8
                If I understand you, it's Chrome. The JSON HTTP is generated in javascript in a Chrome window, i.e. pushing a "button" in a Chrome webpage causes a javascript XMLHttpRequest, and the reply is processed there as well (xhr.responseText)

                Comment


                  #9
                  I guess you could try doing this as future-proofing against Google removing credentials in XHR URLs:
                  Code:
                  xhr.setRequestHeader('Authorization', 'Basic ' + btoa('user:pass'));
                  Not sure how nicely it'll play with same-origin policy though. Dunno how your environment is set up.

                  Comment


                    #10
                    Nope, it gives " invalid credentials". CORS seems ok. Thanks for helping, though.

                    Comment

                    Working...
                    X