Hi all,
I'm doing some experiments with razberry and, as a good noob, I'm already stuck with sending commands to the board.
I've installed the latest firmware (2.1.1) and every time I try to send a command I get the error "403 Permission denied".
With fiddler I'm sending post (also "get" returns the same result) commands like this one:
http://192.168.27.106:8083/ZWaveAPI/Run ... 37].Set(0)
with headers:
User-Agent: Fiddler
Host: 192.168.27.106:8083
Content-Length: 0
Authorization: Basic YWRtaW46YWRtaW4=
The encoded string is the login and password in this form -> admin:admin
I was not able to find an explanation on the developers PDF, can someone, please, shed some light on what I am doing wrong?
ZWave API authentication
Re: ZWave API authentication
Hi,
I've just used the ZAutomation API / VDev, there you have to use the following URL with POST request, it's also not documented:
Header: "Accept": "application/json", "Content-Type": "application/json"
Data: {"form":True, "login": ZWAY_LOGIN, "password": ZWAY_PWD, "keepme":False, "default_ui":1}
Maybe it's helping you.
EDIT: In fact it should be possible to use the ZAutomation API with an Anonymus user without logging in, but than you should trust the external login service / you just want access in your own network.
I've just used the ZAutomation API / VDev, there you have to use the following URL with POST request, it's also not documented:
Maybe you'll find something like that for ZWaveAPI, or maybe ZAutomation API is enough for your case. Depends on what you are planning to do.https://<your_ip>:<your_port>/ZAutomation/api/v1/login
Header: "Accept": "application/json", "Content-Type": "application/json"
Data: {"form":True, "login": ZWAY_LOGIN, "password": ZWAY_PWD, "keepme":False, "default_ui":1}
Maybe it's helping you.
EDIT: In fact it should be possible to use the ZAutomation API with an Anonymus user without logging in, but than you should trust the external login service / you just want access in your own network.
Re: ZWave API authentication
Thanks for your answer, I solved my problem using Zautomation url as also you suggested, then saving the session's cookie and doing a second call passing the cookie.
What I was trying to do, was to avoid two calls, but there is no noticeable delay, so I will go with this solution.
What I was trying to do, was to avoid two calls, but there is no noticeable delay, so I will go with this solution.
Re: ZWave API authentication
Basic auth support was added in 2.1.2-rc's, so you may simply update 
Re: ZWave API authentication
Is there anyway not to auth on localhost? I believed that if I added all my devices to rooms and then give localuser access to the rooms I would not need to authenticate, however this does not seem to be the case.
I currently patch the init.d z-way-server to update the session cookie on startup / restart. I then use a cron script to refresh that once every 24 hours, to minimize delay. It's about 200-300ms delay penalty on the original Raspberries.
I currently patch the init.d z-way-server to update the session cookie on startup / restart. I then use a cron script to refresh that once every 24 hours, to minimize delay. It's about 200-300ms delay penalty on the original Raspberries.
Re: ZWave API authentication
I'm trying to access data over the HTTP interface and am stuck on authentication. I tried the ZAutomation suggestion above, but it didn't work for me. I may not understand how to use the cookie. I sent the following HTTP command:
POST /ZAutomation/api/v1/login HTTP/1.1
Accept: application/json
Content-Type: application/json
Cookie: ZWAYSession=07a7fc6c-828d-d648-2eed-7e54f919e80f
Host: 192.168.1.100:8083
Connection: close
User-Agent: Paw/2.2.3 (Macintosh; OS X/10.10.3) GCDHTTPRequest
Content-Length: 84
{"form":"True","login":"admin","password":"admin","keepme":"False","default_ui":"1"}
And got the following response:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
X-API-VERSION: 2.0.1
Date: Sun, 25 Oct 2015 18:38:55 GMT
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Type, ETag, X-API-VERSION, Date, Cache-Control, If-None-Match, Content-Language, Accept-Language, ZWAYSession
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Set-Cookie: ZWAYSession=07a7fc6c-828d-d648-2eed-7e54f919e80f; Path=/; HttpOnly
Connection: close
Access-Control-Allow-Credentials: true
Content-Length: 390
Transfer-Encoding: chunked
186
{"data":{"sid":"07a7fc6c-828d-d648-2eed-7e54f919e80f","id":1,"role":1,"name":"Administrator","lang":"en","color":"#dddddd","dashboard":["ZWayVDev_zway_2-0-49-4","ZWayVDev_zway_2-0-37","ZWayVDev_zway_2-0-50-2"],"interval":2000,"rooms":[0],"hide_all_device_events":false,"hide_system_events":false,"hide_single_device_events":[],"expert_view":true},"code":200,"message":"200 OK","error":
I too the cookie from the "Set-Cookie" field of the response and formulated the following POST:
POST /ZWaveAPI/Data/* HTTP/1.1
Accept: application/json
Content-Type: application/json
Set-Cookie: ZWAYSession=07a7fc6c-828d-d648-2eed-7e54f919e80f; Path=/; HttpOnly
Host: 192.168.1.100:8083
Connection: close
User-Agent: Paw/2.2.3 (Macintosh; OS X/10.10.3) GCDHTTPRequest
Content-Length: 0
I get a "403 Forbidden" response with a "Permission Denied" in the body. Is there documentation that explains the authentication requirements?
Thanks,
-Doug
POST /ZAutomation/api/v1/login HTTP/1.1
Accept: application/json
Content-Type: application/json
Cookie: ZWAYSession=07a7fc6c-828d-d648-2eed-7e54f919e80f
Host: 192.168.1.100:8083
Connection: close
User-Agent: Paw/2.2.3 (Macintosh; OS X/10.10.3) GCDHTTPRequest
Content-Length: 84
{"form":"True","login":"admin","password":"admin","keepme":"False","default_ui":"1"}
And got the following response:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
X-API-VERSION: 2.0.1
Date: Sun, 25 Oct 2015 18:38:55 GMT
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Type, ETag, X-API-VERSION, Date, Cache-Control, If-None-Match, Content-Language, Accept-Language, ZWAYSession
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Set-Cookie: ZWAYSession=07a7fc6c-828d-d648-2eed-7e54f919e80f; Path=/; HttpOnly
Connection: close
Access-Control-Allow-Credentials: true
Content-Length: 390
Transfer-Encoding: chunked
186
{"data":{"sid":"07a7fc6c-828d-d648-2eed-7e54f919e80f","id":1,"role":1,"name":"Administrator","lang":"en","color":"#dddddd","dashboard":["ZWayVDev_zway_2-0-49-4","ZWayVDev_zway_2-0-37","ZWayVDev_zway_2-0-50-2"],"interval":2000,"rooms":[0],"hide_all_device_events":false,"hide_system_events":false,"hide_single_device_events":[],"expert_view":true},"code":200,"message":"200 OK","error":
I too the cookie from the "Set-Cookie" field of the response and formulated the following POST:
POST /ZWaveAPI/Data/* HTTP/1.1
Accept: application/json
Content-Type: application/json
Set-Cookie: ZWAYSession=07a7fc6c-828d-d648-2eed-7e54f919e80f; Path=/; HttpOnly
Host: 192.168.1.100:8083
Connection: close
User-Agent: Paw/2.2.3 (Macintosh; OS X/10.10.3) GCDHTTPRequest
Content-Length: 0
I get a "403 Forbidden" response with a "Permission Denied" in the body. Is there documentation that explains the authentication requirements?
Thanks,
-Doug
Re: ZWave API authentication
I answered my own question after further searching the board and experimenting. I found another post with some example javascript that helped (viewtopic.php?f=3419&t=21931&p=57704&hi ... ion#p57704).
My problem was I needed to use the "Cookie" header field, not the "Set-Cookie" header.
-Doug
My problem was I needed to use the "Cookie" header field, not the "Set-Cookie" header.
-Doug