Authentication errors with rest_command defined in configutation.yaml but curl works

I am attempting to define a rest_command which will have the same effect as this successful curl command executed from a command line:

curl -X POST -H "Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{"state": "on"}' \
"http://192.168.xxx.xxx:8123/api/states/light.study_light"

When I attempt the same by defining a rest_command and calling it from dev-service, I get the following error.

2019-02-26 16:14:55 WARNING (MainThread) [homeassistant.components.rest_command] Error 401 on call http://192.168.xxx.xxx:8123/api/states/light.study_light.

I have tried these three constructions, two with the same access token (with an without a prefix of Bearer) as used with the curl command and one with the legacy api password:

set_study_light_on:
  method: POST
  url: "http://192.168.xxx.xxx:8123/api/states/light.study_light"
  headers:
    content-type: application/json
    authorization: "Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  payload: '{"state": "on"}'

set_study_light_on_2:
  method: POST
  url: "http://192.168.xxx.xxx:8123/api/states/light.study_light"
  headers:
    content-type: application/json
    authorization: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  payload: '{"state": "on"}'

set_study_light_on_3:
  method: POST
  url: "http://192.168.xxx.xxx:8123/api/states/light.study_light"
  headers:
    content-type: application/json
    password: !secret http_pw
  payload: '{"state": "on"}'

All fail with the same error message.

I assume that this may have something to do with the authentication (authorization or password) header. The docs https://www.home-assistant.io/components/rest_command/ give an example of usage with an access token, but the token itself is only shown as:

authorization: !secret rest_headers_secret

It does not show the format of the token.

Any tips?

Thanks!

After two days of pulling my hair out, reading docs and reading countless forum posts, I figured it out. Here is the answer in case anyone else is struggling.

Working examples:

rest_command:

  # Using long lived access token - Create one by logging in to your HA frontend and opening this page http://IP_ADDRESS:8123/profile.

  set_study_light_on_1:
    url: http://localhost:8123/api/states/light.study_light
    method: POST
    headers: 
      authorization: 'Bearer YOUR_LONG_LIVED_ACCESS_TOKEN'
      content-type: 'application/json'
    payload: '{"state":"on"}'

  # Using legacy API - Being deprecated, so don't use
  set_study_light_on_2:
    url: http://localhost:8123/api/states/light.study_light
    method: POST
    headers: 
      x-ha-access: 'YOUR_API_PASSWORD_HERE'
      content-type: 'application/json'
    payload: '{"state":"on"}'

I’ve made a pull request https://github.com/home-assistant/home-assistant.io/pull/8780 to add this use case to the RESTful command description: [https://www.home-assistant.io/components/rest_command/]

4 Likes