Invalid response, status code: 400

[majurgens]

The Panasonic cloud was down for several hours today (even their app was not working) and now that it is back up I am getting the following error when trying to connect. Presumably there has been some kind of upgrade/protocol change

Traceback (most recent call last):
  File "/tmp/python-panasonic-comfort-cloud/pcomfortcloud.py", line 5, in <module>
    __main__.main()
  File "/tmp/python-panasonic-comfort-cloud/pcomfortcloud/__main__.py", line 202, in main
    session.login()
  File "/tmp/python-panasonic-comfort-cloud/pcomfortcloud/session.py", line 99, in login
    self._create_token()
  File "/tmp/python-panasonic-comfort-cloud/pcomfortcloud/session.py", line 132, in _create_token
    raise ResponseError(response.status_code, response.text)
pcomfortcloud.session.ResponseError: Invalid response, status code: 400 - Data: {"code":"4000"，"message":"Missing required header parameter or bad request for header"}

[mcbrain78]

Same here, tried to override the header version with 19.1, 19.2, 20 and it didn't help

[mlpplm]

Same here. With "X-APP-VERSION: 1.17.0" the response is: {"code":"4106", "message": "New version app has been published"} and with "X-APP-VERSION: 1.18.0" {"code":"4000"，"message":"Missing required header parameter or bad request for header"}. Thus, this time they must have changed the required headers and just finding a new version number won't work (i.e. 1.18.0 is probably still the right one).

[MatthK]

Also looking for a solution :|

I'm getting a {"code":"4100","message":"Token expires"} reply. But the login doesn't work.

Edit: After some more fiddling, I now get a null reply. And this is a curl log:

*   Trying 54.192.18.107:443...
* Connected to accsmart.panasonic.com (54.192.18.107) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=JP; ST=Osaka; L=Kadoma City; O=Panasonic Operational Excellence Co., Ltd.; CN=accsmart.panasonic.com
*  start date: Feb  9 00:04:34 2023 GMT
*  expire date: Mar  8 14:59:00 2024 GMT
*  subjectAltName: host "accsmart.panasonic.com" matched cert's "accsmart.panasonic.com"
*  issuer: C=JP; O=Cybertrust Japan Co., Ltd.; CN=Cybertrust Japan SureServer CA G4
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55a99c179210)
> GET /device/group HTTP/2
Host: accsmart.panasonic.com
x-app-type: 0
x-app-version: 1.18.0
x-user-authorization: userToken
user-agent: G-RAC
accept: application/json; charset=UTF-8
content-type: application/json

* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 400 
< content-type: application/json
< content-length: 89
< date: Thu, 14 Sep 2023 14:39:28 GMT
< x-amzn-requestid: fb226a71-9c7f-4cb7-89c5-507f786c9cae
< x-amzn-errortype: BadRequestException
< x-amz-apigw-id: LQEtLHmRtjMF-kQ=
< via: 1.1 e65b689f7dfd671452b5d6aa170bc3f0.cloudfront.net (CloudFront), 1.1 ae21288860f8ce57d2c67159e0264a1c.cloudfront.net (CloudFront)
< x-amz-cf-pop: HKG62-C1
< x-cache: Error from cloudfront
< x-amz-cf-pop: HKG62-C2
< alt-svc: h3=":443"; ma=86400
< x-amz-cf-id: _qXXi99VszBiZ4BsY1EmkrRkC1trlsDvUxK95ZKpMUgS9mZThpkPBg==
< x-xss-protection: 1; report=1;mode=block
< x-frame-options: DENY
< content-security-policy: script-src 'self' 'unsafe-inline'
< x-content-type-options: nosniff
< strict-transport-security: max-age=31536000; includeSubDomains
< 
* Connection #0 to host accsmart.panasonic.com left intact

[ajimix]

Looks like panasonic broke the login call. Strangely it still works in their app without any update needed

[marc2016]

The REST call needs some additional headers:
X-APP-TYPE:1 X-APP-VERSION:1.18.0 Accept:application/json; charset=utf-8 Content-Type:application/json User-Agent:G-RAC X-APP-TIMESTAMP:1 X-APP-NAME:Comfort Cloud X-CFC-API-KEY:Comfort Cloud
The last three are new for me.

[LudovicRousseau]

I had to accept a new confidentiality policy on the iPhone application. But that does not solve the problem. I still have the same error:

pcomfortcloud.session.ResponseError: Invalid response, status code: 400 - Data: {"code":"4000"，"message":"Missing required header parameter or bad request for header"}

But thanks to @marc2016 it now works for me with this patch:

diff --git a/pcomfortcloud/session.py b/pcomfortcloud/session.py
index bf9f6a5..cb15ec0 100644
--- a/pcomfortcloud/session.py
+++ b/pcomfortcloud/session.py
@@ -110,6 +110,9 @@ class Session(object):
             "X-APP-TYPE": "1",
             "X-APP-VERSION": "1.19.0",
             "X-User-Authorization": self._vid,
+            "X-APP-TIMESTAMP": "1",
+            "X-APP-NAME": "Comfort Cloud",
+            "X-CFC-API-KEY": "Comfort Cloud",
             "User-Agent": "G-RAC",
             "Accept": "application/json; charset=utf-8",
             "Content-Type": "application/json; charset=utf-8"

[MatthK]

Awesome, that fixed it for me too.

How do you guys find that out? That is just really cool.