Maybe I have something on my PC at home. I’ll be back in a week.
All that said, this is good from a security point of view, but could makes things complex. I don’t know their plans, but similar solutions (home assistant, zway server) have the ability to flag a token as never expiring. Unfortunately this firmware is still too new and it’s still missing a proper web gui, so we’re just here speculating.
I wish they just added an ip white list for http commands instead of this, but it’s probably doable as external plugin/program running on the same box.
It would be great, i can start transferring part of my devices to ezlo and not loose automations with devices / plugins not supported by ezlo.
One quick question to ezlo team, what will happen if we send 20 http commands to different devices at same time?
Exactly, but not “could” it will make things more complex for local LAN devices and apps to control the Ezlo hub.
Have them turn it off by default out of the box if they must.
But still the requirement is still there for a like for like replacement for the current Vera Luup Requests functionality that does not require authentication.
What is the security concern anyway?
It’s not like we are going to directly open up the local HTTP API port on our router firewalls from the WAN to the LAN via port forwarding.
And personally I have an encrypted always on VPN tunnel protecting the whole LAN.
So unless the Mios cloud is somehow compromised what do I really have to worry about?
Anything is better than us being forced upon with Web sockets and user auth and tokens that will break current Vera functionality and integrations we have now on our LANs.
@melih This is the one topic that is really concerning me about the whole Ezlo platform, that and no signs of a proper logic engine.
Can you step in and make a decision about this local HTTP API and if we will be forced to use user authentication or not?
That doesn’t include all the current third party Vera plugins we will be losing however. Thinking particularly of the 3rd party Logitech Harmony plugin amongst others.
But yes hopefully we are going to have far more natively integrated Z-Wave and Zigbee devices on the Ezlo platform and a whole new world of none Ezlo supported devices integrated via Alexa / Google Home and Ezlo VOI.
I have built an IOS APP loaded on several wall mounted iPads that rely on HTTP API to periodically fetch all the devices status:
“http://(Constant.veraIP):3480/data_request?id=sdata&loadtime=(loadtime)&dataversion=(dataversion)&timeout=60&minimumdelay=2500”
I am not sure we have something similar to get everything in one shot (full update) then partial update only for the devices that changes status.
The App also uses HTTP API to turn on/off/dimm devices and run scenes.
Without this my App (and other integrations) will be broken.
I am actually getting the devices instant status change via the MQTT plugin, push instead of continuous pull, so integrating MQTT natively to get/set devices will make life a lot easier
The response from the Ezlo staff about a local http Api without forced authentication is silent.
No Vera Luup Requests direct replacement is being offered it appears.
So tell me what is my username and token?
And is this token peristant? Or does it expire?
With this information I can work out my curl commands however lots of other LAN integrations will be broken without simple one line http commands with no authentication to control the Ezlo hub on your own internal LAN.
Any official response from Ezlo regarding our concerns about losing the current Vera LUUP Requests functionality and being able to send simple one line HTTP commands from our LAN devices and apps to Vera, to control device and scenes etc without authentication requirements ?
Like how can I send a http command to the Ezlo Atom to run a scene on there to send a VOI command ? I want to do this from my Vera Plus for example.
I managed to work out the WebSocket authentication, so this should be doable as well. The challenge is to obtain the token, that is a two-three step process. Once you have that you can re-use it for the ‘simple’ curl requests.
Will let you know once I have the right series of curl commands.
Curl commands can be used in some situations and if the token doesn’t expire etc.
However for many other integrations I have setup with some apps on my LAN a curl command would not be possible.
Hense why we need the same thing on the Ezlo platform as we have on Vera today aka Luup Requests, simple one line http commands with no authentication.
The token does seem to last quite long, but I have not figured out how long yet. Without authentication i do not see coming, but who knows. Can always create some proxy type function to run on a Pi or so. (i know, even more pieces to fail)
i’m trying to get http commands working from vera to ezlo, at the moment i’m trying to dim certain dimmer to a level. When i try it via posman sending this GET command https://192.168.0.110:17000/v1/method/hub.item.value.set?_id=5f305e6d124c3510a3c3cc57&value_int=40 with authorization i’m managing to dim the dimmer to 40% but when i try it from test command from vera i can’t:
