Comcast Xfinity X-1

Sure would like Xfinity supported. The DirecTV component is great, why no Xfinity ?

There is a way to control the X1 platform, it is not local though. Makes calls to Xfinity servers. I have control over both my cable boxes. Remote button commands and text commands (voice commands). I am still beta testing. Works via MQTT or HTTP (get or post).

Verrry interesting. Would be interested in giving this a try, any plans to publish your work?

I am going to build an integration at some point if I can come up with the funds needed to spend the time on the project. I have everything working at this point. The server authenticates with your Xfinity username and passwords, gets your device data and creates tokens for each device. Then you can send commands to the X1 boxes through HTTP or MQTT. It is built as a stand alone server currently just running on a dev box of mine. I just have to build in the functions to refresh the tokens on an error and a specific interval. Sending text as a voice command has proven a useful feature for me. If I get enough request and support I believe I can get this out to the community.

This sounds awsome

Interested in an update on this integration…, thanks!

Why would you go through the trouble to post this and then not share the code or provide more details or an update? Perhaps others can finish the work and make it available? That’s the spirit of HA and OpenSource.

Xfinity has changed their authentication methods and the code no longer works. Others have been having issues with this authentication change with the Xfinity data usage sensor.

@JCGrzywna If you decide to share the code, that would increase the likely hood you got it working again. In view of the new media browser feature, this is much more interesting than ever.

Please consider the suggestion.

1 Like

Make sense. Thank you for the update! @JCGrzywna

@Dansker Agreed, even if it doesn’t still work, still putting it out there for others to build on would be nice.

@devboss I think I have a pretty well understanding of how to control the X1 boxes. I was able to reverse-engineer the Adaptive Remote but, I do not have any experience creating integrations. Right now, I am using the rest_command service and manually updating the authorization tokens using a template sensor. If someone would be willing to help create an integration, I could share what I have found out so far.

Great news, thank you!

The integration would need to be setup using a config flow but, I have no Idea how to create an custom component. Also, there would need to be the ability to setup multiple devices. The best option would probably be a remote entity.

Config Flow:

First, a POST request is made to The request should include {"partner":"comcast","clientDeviceId":"UUID"}. The UUID is a version 4 UUID. The response to this request provides a expiration time in the form of a Unix timestamp. After this time is reached, the config flow should be terminated. The POST request also provides a pairing code to be showed to the user. The user needs to enter this in the Easy Pair app on their X1 box. Lastly, it provides a authorization token to be used later.

Next, every 5-10 seconds a POST request should be made to The same content, {"partner":"comcast","clientDeviceId":"UUID"}, should be sent. Additionally, X-Authorization: Auth Token should be sent as a header. The authorization token is the one from the previous step. The request responds with a status of WAITING_FOR_STB until the code is entered on the X1 device. After the pairing code is enter on an X1 box, the status changes to CONFIRMED and it is no longer necessary to keep pinging the /confirm url. Additionally, an access request token is provided. This should be saved for when making the API calls to Xfinity. An expiration date for the new token is provided in a UNIX timestamp. When this date is reached, the integration should trigger a reauthorization flow.


To send a button command, a POST request is sent to The content of this request: {"arToken":"Access Request Token","vcode":"Button Code"} The possible button codes are listed below. They are case-sensitive and must be all caps. To send a voice command, a POST request is sent to The content of this request: {"arToken":"Access Request Token","cmd":"Text to Be Sent as Voice Command"}

Button Codes

MENU (Xfinity Button)
PLAY (Play/Pause Button)
PREV (Last/Back Arrow Button)
COLOR_KEY_0 (Triangle A Button)
COLOR_KEY_1 (Square B Button)
COLOR_KEY_2 (Circle C Button)
COLOR_KEY_3 (Rhombus D Button)

Edit: Even though the Easy Pair login method is not compatible with non X1 cable boxes, it is simpler to authenticate and only needs reconfigured every year. I don’t understand how exactly the email and password login method works but, if your capture the access request token in Chrome and use it, the token appears to only be valid for around 1 month. So, I think the best option would be to use the Easy Pair method outlined above and not support non-X1 boxes.

DId anyone ever get this to work? I got the pairing code to work, but can’t seem to figure out the authorization on the key or voice url. I have almost enough code to make something useful.

1 Like

I just stumbled on this and this is a great idea, especially with how easy it is to pass voice commands:

curl -X POST -H "Content-Type: application/json" -d '{"arToken":"<token>","cmd":"ESPN"}'

The challenge appears to be the authentication. Any way to ensure we can programmatically get a valid token that doesn’t expire or a way to refresh it? I’ve tried getting the token with the method mentioned, but keep getting:

curl -X POST -d '{"partner":"comcast","clientDeviceId":"f48082b3-75e6-4fff-bf3d-bc69c28f8869"}'
{"msg":"An invalid clientDeviceId value was given","code":"START-PAIRING-BAD-CLIENT-DEVICE-ID"}%   

This is some fantastic info, thanks @pizzakid25!

Comcast was kind enough to leave us some reasonably well-documented and un-obfuscated javascript lying around at

It looks like in order to refresh your arToken, you just POST to /api/v1/auth/token/refresh. Pass your existing arToken in the Authentication header and this will return a new one.

These tokens are JWTs, so you can paste one into and it will decode it for you. You can see when it was issued (‘iat’) and expires (‘exp’) along with details like device and account IDs.

I have a Postman collection that will do all this for you if somebody wants all the details.

1 Like

I know I’m sort of lagging here, but where do you find the UUID? I’ve gone through all the settings and info I can find and I can’t find a 32 digit number for this.

Also, is this still as far as this has gone? I’m net to trying to control my Comcast box and IR has been an absolute nightmare. I’m hoping there’s a working integration and I’m just missing it.

I appreciate your help!

Sorry to bother you, but how would I find the UUID of my X1 box? I’ve looked everywhere I know of and I can’t find any 32 digit UUID.

I would greatly appreciate your reply. I’m trying to control mine this way because IR control is a nightmare.


I believe you can use any UUID you want, it is just an identifier. Here, I made one just for you :slight_smile:


Just pass the same UUID to both the pairing/start and paring/confirm endpoints.