API Connectivity Issue


#1

Hello Rachio team,

I’m attempting to leverage the public API, but the API is continually returning this error:

{"errors":[{"message":"The client is not authorized."}]}

I’m sending this command (with my API token – not the one displayed below):

curl -X GET -H "Authorization:Bearer 8e600a4c-0027-4a9a-9bda-dc8d5c90350d" https://api.rach.io/1/public/person/24763e8a-4418-11e4-a183-164230d1df6

Any idea what might be causing this?

On another note, the “Public API support forum” link on this page https://rachio.readme.io/v1.0/docs is returning this: “Oops! That page doesn’t exist or is private.”

Thanks in advance for any help you can offer!


#3

Sorry, upon reviewing your post a second time, I noticed you did clarify that you are using your own API token, I’ll leave it up to Rachio team to troubleshoot this issue.

Oups,
Gene


#4

Thanks, Gene. Appreciate you taking a stab at this. Will wait to see what the Rachio team has to say.


#5

@chobo2017

I would not ever post token keys in public, they can be used to access your controller through the API.

Also if you logout, your current token is expired, and you get a new one.

I’ve PMed you your current token.

:cheers:


#6

wow, API is only valid as long as the user is logged in? Does it time out due to inactivity?

I was considering to add rain delay support via Rachio’s API to wufyi so that if rain is detected, but we are not yet sure about validity of the data reported by the weather underground, wufyi would activate a temporary rain delay until the data is verified and rain delay can be disabled if precipitation data was deemed to be false.

If users will have to constantly update their API tokens, noone will end up using it.

Is there a way to obtain a persistent API tokens?

Edit: I’ve just logged out, and back in (via https://app.rach.io/), my API token did not change. How long does the user have to be logged out for, before the token is invalidated?


#7

@franz

Thanks for the reply. As per my earlier post, the key above wasn’t my key, but the one listed on this page: https://rachio.readme.io/docs/authentication.

Interestingly, the key you PM’ed me also didn’t work. I’m sending the cURL command via Terminal on macOS 10.12.5. Using the new key you sent resulted in the same error. Might there be something else going on here?

Also, thoughts on Gene’s question? Do tokens/keys expire at logout or after a period of time?

Thanks!


#8

Can you share your complete URL command? Use demo API of course.
Never mind, I really need to pay more attention. I’m sure you are using it exactly like in the example.
Have you tried “–header” instead of “-H”, not sure if it would make a difference, but…

Edit: After reading mac’s documentation on curl, “–header” should not make a difference. It did mention something about possibility of additional headers, but I didn’t get too deep into it.


#9

@Gene

That was built in, but looking at the clients they do their own logout, which doesn’t affect the cloud logout.

It’s used for other invalidation I don’t need to get into.

:cheers:


#10

I sent you the correct CURL command, don’t know where you were getting the person ID.

This endpoint is where it can be retrieved.

https://api.rach.io/1/public/person/info


#11

So to summarize:

First get your API token at https://app.rach.io/

Then get person_ID here:
curl -X GET -H “Authorization:Bearer API_token” https://api.rach.io/1/public/person/info
System will return
{“id”:“person_ID”}

Finally you are ready to start using API via a full URL:
curl -X GET -H “Authorization:Bearer API_token” https://api.rach.io/1/public/person/person_ID

Of course make sure to replace API_token and person_ID with real values.

Cheers,
Gene


#12

Is one API token only authorized to access one person_ID, or can multiple stations (persons) be managed using one API token as long as their person_IDs are known?

For example: Lets say I want to add a rain delay feature to wufyi.com. Do I need to know each person’s API tokens or just their Person IDs? It seems I need their API token just to look up their personal ID, but can I ever use anything other than their API token to interact with their personal ID?

Cheers,
Gene


#13

Yes, one token per person.

:cheers:


#14

@franz Can you elaborate more on the cloud logout? How long can API tokens be expected to remain valid?
If the API token provided by the user is suddenly invalidated (expired), is there a way to get an updated token without bothering the user?


#15

@Gene

They currently should not expire.

There is no endpoint to support that. At some point we will expose the ability to retrieve tokens programatically.

:cheers: