If get poses extra security risk, it may be only allowed when switched on with a specific yaml key.
+1 for GET…
I made a work around of creating a GET url through IFTTT with Webhooks, then connecting it to the HA generated POST URL with a second webhook. But the latency is like 3-4 seconds due the use of the cloud. Not optimal, but it is working for now until this gets baked in to HA.
Please please please.
Shelly have long press button option. And I want to use this to turn off a ton of lights when I leave the house.
But Shelly only supports get requests.
Surely accepting get in webhooks is a feasible feature?
Thanks
+1 for GET webhooks
+1 for GET webhooks
I think it would be fairly simple to add this feature. Anyway I just wanted to post a workaround I did to get this working for me (for a shelly) but this requires you run home assistant behind a reverse proxy like nginx. In my case I just added this to change the http method.
Here is the functioning workaround I’m using:
location /api/webhook {
allow 192.168.1.0/24; # this allows only local network calls in my case, change this to fit your network
deny all; # deny all other endpoints
proxy_pass http://localhost:8123$request_uri;
proxy_method POST; # this is the magic change, sets method as POST
proxy_set_header Host $host;
# for some reason i got application/octet-stream as a response so i added this to fix it
proxy_hide_header Content-Type;
add_header Content-Type text/plain;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
+1 for GET webhooks
+1 would be really nice for my MOBOTIX Doorbell!
I’ve created a rather rudimentary work around for this, just while they are sorting out natively. all the code (the very few lines of it) is here: GitHub - t00ks/homeassistant_webhook_proxy: A very simple proxy to allow calling Home Assistant web-hooks via GET . I’m not sure a .net core api is really necessary, its possible you’d be able to do this with nginx with just a little bit of config, but i’ve got a background in .net development so I did this to test it out… and as with any test, its now running in production
+1 to have GET webhook for the same reason. I can’t get HA notification if Mobotix doorbell rings.
Please vote on first post as well. As far as I can see, a lot of +1 posters did not vote. And the more I compare, the less is the voting.
Echoing @arganto’s request for folks in this discussion to scroll up to the first post in the thread, and click the Vote button there. It currently sits at 46 votes. Your vote does matter!
I might also suggest a plus-one on the PR that already exists (since September 2021) for adding this feature: Allow GET in webhook triggers #56446
And perhaps similar enthusiasm for an issue that I opened with this feature request: Webhooks missing support for GET requests #65348
(There was an earlier issue for webhooks GET support, but it was closed with a PR for a more specific change, “Webhook for Traccar”. So, new issue and new(ly active) PR. Hopefully we can see this pushed through.)
Oh happy day, see this comment:
When esev will proceed with his PRs, we hopefully have the best of best in the near future. Selection of methods and options for security.
Is there any news for this? I hope to see “GET” webhooks real soon.
+1 for the GET webhooks please
Not a proper support from HA side but if you have an nginx server (I suppose you can install it also as addon in hassio) it does the trick.
configuration copy/paste assumptions
Your HA domain: home-assistant.example.com
Your webhook short domain: bang.example.com
Your letsencrypt folder: /etc/letsencrypt/live/home-assistant.example.com
Your notification device: notify.mobile_app_joe_phone
usage
$ curl bang.example.com # Get a notification named "Bang!"
$ curl bang.example.com/your_task_finished # Get a notification named "your_task_finished"
so what?
How many times did you run a long task and wanted to know when it finished?
$ sleep 10 ; curl bang.example.com/yawn # Get a notification named "yawn" when sleep task ends
considerations
Be mindful that curl doesn’t use HTTPS by default so any message you put will be clear text through the internet. Of course, you can always use HTTPS for more important notifications:
curl https://bang.example.com/my_secret_notification
Configurations
NGINX
server directive: /etc/nginx/sites-available/bang
server {
server_name bang.example.com;
listen 80;
include /etc/nginx/conf.d/bang.conf;
}
server {
server_name bang.example.com;
listen 8443 ssl http2;
include /etc/nginx/conf.d/ssl.conf;
include /etc/nginx/conf.d/bang.conf;
error_page 497 https://bang.example.com:443/$request_uri;
}
ssl conf: /etc/nginx/sites-available/ssl.conf
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
ssl_certificate /etc/letsencrypt/live/home-assistant.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/home-assistant.example.com/privkey.pem;
ssl_stapling on;
resolver 127.0.0.1 [::1]:5353;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/home-assistant.example.com/fullchain.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_session_timeout 5m;
shared conf: /etc/nginx/sites-available/bang.conf
# set default message
set $message "Bang!";
# remove leading '/'
if ($uri ~ ^/(.*)$) { set $text $1; }
# set default message if nothing was passed
if ($text != '') {
set $message $text;
}
location / {
proxy_method POST;
proxy_set_body '{"text": "$message"}';
proxy_set_header Content-Type "application/json";
proxy_pass https://home-assistant.example.com/api/webhook/send_an_alert_message?;
}
HOME-ASSISTANT
automation: /config/automations.yaml
- id: alert_webhook
alias: Alert webhook
description: Alert webhook
trigger:
- platform: webhook
webhook_id: send_an_alert_message
action:
- service: notify.mobile_app_joe_phone
data:
title: Alert
message: '{{ trigger.json.text }}'
Slightly off-topic, I use the above workaround when I use “random” computers without all my settings. For everyday fancier notifications coming from my devices I created a proper script:
shell script: ~/bin/bang
#!/bin/sh
DEFAULTVALUE="Hey, whatever you were waiting for is now completed!"
MESSAGE="${1:-$DEFAULTVALUE}"
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"${MESSAGE}\"}" https://home-assistant.example.com/api/webhook/send_an_alert_message
usage
Assuming you put the script in your path
$ bang # Get a notification named "Hey, whatever you were waiting for is now completed!"
$ bang "Yeah" # Get a notification named "Yeah"
$ sleep 10 ; bang "Finally!!" # Get a notification named "Finally!!" when sleep task ends
+1 for the GET webhooks please
+1 more for GET webhooks
+1 for GET webhooks
Thank you for sharing this code.
Slightly modified for Add-on: NGINX Home Assistant SSL proxy
location /api/webhook {
proxy_pass http://homeassistant.local.hass.io:%%HA_PORT%%$request_uri;
proxy_method POST; # this is the magic change, sets method as POST
proxy_set_header Host $host;
proxy_redirect http:// https://;
# for some reason i got application/octet-stream as a response so i added this to fix it
proxy_hide_header Content-Type;
add_header Content-Type text/plain;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}