HTTP API for Scene access / error logging

Discussions about Z-Way software and Z-Wave technology in general
ridewithstyle
Posts: 61
Joined: 02 Jan 2016 01:20

Re: HTTP API for Scene access / error logging

Post by ridewithstyle » 12 Dec 2018 13:01

Hi there,

I finally got some proper developer feedback from 2N, I'll just paste the reply here

Code: Select all

I have some conclusion for you.

As you can see on image below, left side shows communication between 2N IP intercom and 2N IP intercom, so one is server and second is as client. 

When HTTP command is sent, server side tells client side which authentication methods will be used in header showing those methods, and client side choose the more secured one.

When we take a look on right side of image it shows communication with your server, which however does not reply with header offering authentication methods. In such case IP intercom will choose to use more secured again.

So as conclusion, if your server sends in header it wants to use basic method, IP intercom will use it.

It is possible when web browser receives such reply from your server it will just try basic first so it works for you, however our devices are designed to use more secured way of communication if server does not properly responds.

In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field of the form Authorization: Basic <credentials>", where credentials is the base64 encoding of id and password joined by a colon.

It is specified in RFC 7617 from 2015, which obsoletes RFC 2617 from 1999.

So we are using Basic according to this RFC and we are expecting to received header with authentication methods available. .
So it seems that Z-Way needs to "simply" ask for basic authentication and we're done here (or implement Digest authentication as well).

Can I request this as a feature update? :-)

Thanks and best regards,
rws
Attachments
Proper_auth.png
Proper_auth.png (151.56 KiB) Viewed 132 times

ridewithstyle
Posts: 61
Joined: 02 Jan 2016 01:20

Re: HTTP API for Scene access / error logging

Post by ridewithstyle » 22 Jan 2019 19:41

Any of the developers care to comment on this? It's a real bugger that I can't integrate my doorbell into z-way :-/

Regards,
rws

Post Reply