New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Yale Smart Alarm integration unresponsive #17396
Comments
@domwillcode are you aware of any API issue? |
It unfortunately seems as though the API is redirecting to the Yale home page. As you say, it could be due to the upgrade but I'm concerned the API may have been discontinued. |
Think I have same issue. Hass says:
|
Hi, |
Mine is also not working .80.3 |
Oddly mine hasn't been working for a week or so now. I haven't had a response from Yale yet. I asked them and ASSA ABLOY customer services again yesterday but I suspect they are probably quite busy with their recent down time. I'll keep pushing for it (and eventually try their social media if I don't have any luck) so watch this space. I can still log in to the API and make all of the arm/disarm calls as expected. The API is just giving a "panel offline" error when I try to get or set status. |
I do not know when exactly it was implemented - I would imagine it was the cause of the app being unusable a week or so ago though - but the newest version of the app is using a different API to the one being used by Home Assistant. The new API is "https://mob.yalehomesystem.co.uk/yapi/api". It is structured differently and when I tried to log into it without copying all of the headers (including a pre-existing auth token) it failed saying "invalid client". From what I have seen, I would suggest that there is no immediate desire by Yale to make this a publicly accessible / documented API. |
The following is a packet capture of logging in through the app:
The following is a packet capture of setting the alarm through the app:
I have been able to replicate logging in using postman by copying the headers from the first request. I can also do get requests, e.g. get the alarm mode. However, all attempts to make updates have not worked; they all timeout after 30s. It is just cut off the bottom of the capture from the app, but it returns a field called "time" and a value of a little over 1, so my assumption is it should only take 1s to execute. I am not sure what is missing. |
Hi guys, I don’t mind not being able to turn the Alarm off or on, it’s the status that’s most useful for my automations |
Awesome, thanks for the PCAP. I've been meaning to grab one myself. I'll try and experiment with it and see if I can get this working again using the new API. I've still had nothing back from Yale and very much doubt I will get any official support, I'll keep trying. |
@domwillcode what would be interesting is if the first token used to login is the same for everyone. As I said I don't know if I should post the whole thing here. However mine starts with "VnVWWDZYVjlXSUNz" and ends with "GR0bmNndQ==" do others have the same? |
@evoio |
Yeah, it's oauth2 so it's most likely the client application auth token assigned generated by the provider and specific to the yale app 'client' and should be common across everyone's instance. What did you use to capture the traffic on android? From what I understand, if that token is the client token and not some generated token as a result, it should be transmitted over SSL as it should be private to the application and server. Odd. |
Looks like SSL Capture did the trick and intercepts the SSL traffic with a vpn proxy, awesome (who knew android was this insecure...). It's the same key. I've got a 55eGhrc0U in the middle. It must be the client application auth token we can use to auth. I'm mobile at the moment but I'll experiment with this once I'm near a computer. |
So it seems the mode setting issue is due to the proxy on the main DNS timing out. However, when you make the original request it returns a host:port combo (6013 in my case) which you can then use for future requests. This allows you to use your generated token to set the mode with a POST to ...:6013/yapi/api/panel/mode/. A GET to the same endpoint will return the correct result. Oddly, a GET to the proxy will return an incorrect state of the alarm (which happens to be the same state the old API would return after it stopped working). We're getting somewhere. It'd just be nice if Yale/ASSA supplied an official app token for the HA client... |
Great spot @domwillcode. I added the port and I can now set my alarm using it. Yeah some sort of support for third party integrations would be great. Considering this is the revamp - and after the experience of this update I imagine they won't want any major updates any time soon - it seems pretty closed. |
Using the refresh token is pretty straight forward it turns out. You hit the same endpoint as login but you use a "grant_type" of "refresh_token" and replace username / password with refresh_token=. This gives a new refresh token that can be used to refresh again. This would need to be done less than every 10 hours. |
Hi guys, |
Managed to get this to work but also had to snoop the initial token. Unsure if that expires |
I have something working, but unfortunately its in Node.js... Without trying to reverse engineer the app - which I initially tried before I realised I don't really know Android - we can't be sure of the life of the token. My token has stayed the same since I took the captures a week ago. However we can't say that it is either not time-based - with a relatively long duration - or that Yale might decide to change it in the future - likely without warning because well, its not exactly a supported API. |
If this new method involves a few unofficial steps. Could it be created as a custom component instead of an official HA component? |
I'd argue that it is no less supported than the old API. It too is based on an undocumented API, likely reverse engineered as the new one has been. As previously discussed what we need is Yale to deliver a properly supported API like every respectable smart device manufacturer should. However it is done, the component in its current form is defunct. The API it is based on has been decommissioned so either it needs to be updated to the new API or removed. Creating a new component is not strictly necessary. Replacing it with one based on the new API would not be a breaking change. |
Indeed, the only issue with this new API is the client key which isn't exactly publicised... Changing the component to use the new API calls shouldn't be an issue and would probably benefit from the refresh token rather than constant logins, too. Although that'd require a slight modification to the HA component rather than just the client. The real solution would be for Yale to provide a client application key specifically for HA but they won't talk to me. So unless someone fancies taking to Twitter/Social Media to get their attention... |
Hi guys Have you guys had anymore success? |
Thanks for all your hard work trying to get this working again. Got my yale system and it worked initially for me on 0.81.6 but then just stopped working. As with phairplay - the alarm status is the most important for me as I had automations based on it and a status indicator integrated on the Lovelace floorplan which are now all missing :( |
would you be able to share this code so someone else might be able to port it to python? |
Not sure if I'm just incredibly lucky, or misreading the above but mine seems to still be working. I am running 82.1 and getting errors in the log, but it still seems to be reading the state accurately. I have automations which use the state as a condition so I am very pleased it's working but now worried it's going to break at some point! |
Are you still able to arm it? I am between ordering Yale and Honeywell Evohome. I currently have PhoneWatch (also called Sector Alarm across Europe https://www.sectoralarm.com/group-overview/sector-alarm-in-europe/) - if anyone has experience with either system I welcome your advice, and will in the meantime patiently await the hope that @evoio will share his code and save us all 😉 |
Sorry all, been very busy. I have pushed my code here: I've just tested it and it still works with the same tokens that were extracted way back when the switch happened. Couple things, 1) sorry it was originally only written with my consumption in mind, I'll try and add more docs, 2) I want to use MQTT + NodeRED for my logic layer and HA only for presentation so it includes some MQTT stuff. To use it:
If all goes well you should see output something like this: Logging in... This exposes an API on port 3000 and MQTT. GET /alarm/mode |
@evoio Thank you so much. I'm not much of a python coder but I'll start converting the existing hass plugin over to this. I'll keep everyone up to date here unless someone else comes in and does it before me :) |
@evoio thanks for your work - it’s much appreciated :) |
@vortex-uk Fancy giving my conversion a try? For now you need to replace the client.py file in your install, if it works for you I will create a pypi repo for it and submit a change to hass. Firstly you need to find the existing file:
For me that was:
Now download the updated file, update the path in this command to match the output from your find:
Now restart hass and it should work before as per your previous config. Let me know how you get on. |
@laf |
@phairplay I’ve never used or looked into hass.io so I couldn’t tell you :( |
@laf I have tested your client.py update and it is now working great! Cheers for your hard work on fixing this! |
@itshusi thanks for testing. To be honest it was all @evoio really @evoio, can I buy you a beer or two? If so, my email is in my profile, drop me a message and I’ll send some money you’re way. |
@laf In that case, thank you to you and @evoio 👍 |
@laf, great work! Apologies for dropping off the face of the earth, life took over. If you want to use the existing pypi repo and drop a pull request in, I'm happy to push it up/throw the permissions your way? |
@domwillcode PR submitted. Check it over though, whilst a couple of people have tested it - don't assume it's all correct :) |
@laf That's awesome, thanks! It just so happens I had an hour spare, so I've poached what you've done (move the get into a new function), thrown it into the repo (https://github.com/domwillcode/yale-smart-alarm-client/tree/dev/update-new-yale-api) and run some tests on it. It works a charm :) |
@domwillcode Awesome :) You doing the pull request to hass or do you want me to? |
I'll bump it into hass in a mo! Would you mind having a butchers at domwillcode/yale-smart-alarm-client#4? |
I'll just test it, give me 5 minutes. |
Looks good and works fine @domwillcode :) |
p.s I owe you a couple of beers as well, feel free to drop me a mail and I'll send you some beer money. |
Nice one, thank you! I believe it is I who owe you the beers for your help, so same goes ;) I'll probably look into making better use of the refresh token at some point (perhaps over the holidays), but for now, it's working well. Cheers. |
I updated the code for client.py having previously installed via pip. However when attempting to use a very simple test script, calling get_armed_status() it bums out with a JSON error - any ideas?: python alarm_part_arm.py
|
@mcgurdan I've posted in the issue you created with a debug to try |
So, my api request is resulting in a null data field. I am unsure what I am missing, sounds like a stupid question but which app are people using? iOS or Android? I am on iOS and I am wondering if it does something different than what has been found here. |
Hi, I've been following along with this issue since Yale changed their API. Was going to help myself but never got round to it and was all to happy to see you guys had come up with a fix! I've tested version 0.1.5 of the python client locally and it all works great. Pending the now merged PR being released I've manually been using the updated version 0.1.5 with home assistant. When I first set it up it all worked fine but I noticed after coming back to it after some time it was completely unresponsive again. I believe it's down to access codes expiring and the client not noticing as the error response has changed. I'm working on a PR to fix it but am just curious that noone has had this happen to them? |
Home Assistant release with the issue:
0.80.0Last working Home Assistant release (if known):
0.79.0
Operating environment (Hass.io/Docker/Windows/etc.):
Hassbian - PI B+Component/platform:
https://www.home-assistant.io/components/alarm_control_panel.yale_smart_alarm/
Description of problem:
After upgrading to 0.80.0 on 12 Oct the Yale Smart Alarm no longer is responding. The alarm is still working via the native Yale app.
Problem-relevant
configuration.yaml
entries and (fill out even if it seems unimportant):Traceback (if applicable):
The text was updated successfully, but these errors were encountered: