Skip to content

v1.2.0 — API Proxy, Per-User Colors & Passwordless Registration

Choose a tag to compare

@WJDDesigns WJDDesigns released this 14 Mar 02:49

🔐 Security & Authentication

  • API Proxy Endpoint — New /api/ultra_card_pro_cloud/proxy view routes authenticated API calls from the card through the integration, keeping JWT tokens strictly server-side. The frontend never receives or transmits the token
  • Token Stripped from Sensor — The token field is no longer included in sensor attributes returned to the frontend. All cloud API calls now use the proxy path instead
  • Admin-Only Auth Guards — Login, logout, and shared sign-in endpoints now require the requesting HA user to be an admin or owner. Non-admin users receive a clear 403 response

✨ New Features

  • Passwordless Registration — The /api/ultra_card_pro_cloud/register endpoint no longer requires a password from the user. A secure random token is generated server-side for backward compatibility with the ultracard.io API, and users receive an email to finish setting their own password
  • Per-User Favorite Colors — Favorite colors are now stored per HA user (users.<user_id>.colors) in the HA .storage file, with automatic fallback to the legacy global colors key for existing installs. Different users on the same HA instance each get their own color palette
  • Form-Encoded Registration Fallback — If the ultracard.io API returns a 400 password required for a JSON registration request, the integration automatically retries as application/x-www-form-urlencoded for compatibility with older API builds

🐛 Bug Fixes

  • Registration Flow — Removed the post-registration auto-login that attempted to re-use HA config entries synchronously. Registration now returns a success message and the user signs in separately, eliminating a race condition on slow HA instances
  • Color Store SafetyGET /api/ultra_card_pro_cloud/colors and POST now guard against missing or malformed store data, returning an empty array instead of crashing